ID:6873 - Exploit for Code Injection in Moodle - CVE-2013-3630
Published: October 12, 2021
Vulnerability identifier: #VU42410
Vulnerability risk: Low
CVE-ID: CVE-2013-3630
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
Moodle
Moodle
Link to public exploit:
Vulnerability description
The vulnerability allows a remote #AU# to read and manipulate data.
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
Remediation
Install update from vendor's website.