Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Uncontrolled Resource Consumption Vulnerability (CVE-2020-25630)

Description

A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Remediation

References

Related Vulnerabilities

Microsoft SQL Server CVE-2023-29349 Vulnerability (CVE-2023-29349)

MySQL CVE-2021-2014 Vulnerability (CVE-2021-2014)

WebLogic CVE-2022-21350 Vulnerability (CVE-2022-21350)

MediaWiki Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-25869)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-39200)

Severity

High

Classification

CVE-2020-25630 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities