SB2018091708 - Multiple vulnerabilities in moodle Moodle
Published: September 17, 2018 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2018-14631)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
2) Code Injection (CVE-ID: CVE-2018-14630)
The vulnerability allows a remote authenticated user to execute arbitrary code.
moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.
Remediation
Install update from vendor's website.
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857
- http://www.securityfocus.com/bid/105371
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14631
- https://moodle.org/mod/forum/discuss.php?d=376025
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880
- http://www.securityfocus.com/bid/105354
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630
- https://moodle.org/mod/forum/discuss.php?d=376023
- https://seclists.org/fulldisclosure/2018/Sep/28
- https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630/