Main Vulnerability Database Vulnerabilities #VU135064

Code Injection in Moodle - #VU135064

Published: June 23, 2026

Vulnerability identifier: #VU135064

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within admin presets import. A remote administrator can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

Sources

https://moodle.org/mod/forum/discuss.php?d=481813
https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-88735&type=commits

Code Injection in Moodle - #VU135064

Detailed vulnerability description

Remediation

Sources

Please verify you're human