Main Vulnerability Database Vulnerabilities #VU41451

Code Injection in Moodle - CVE-2014-3541

Published: July 29, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41451

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-3541

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

How to mitigate CVE-2014-3541

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
http://openwall.com/lists/oss-security/2014/07/21/1
https://moodle.org/mod/forum/discuss.php?d=264262

Code Injection in Moodle - CVE-2014-3541

Detailed vulnerability description

How to mitigate CVE-2014-3541

Sources

Please verify you're human