Main Vulnerability Database Vulnerabilities #VU58189

#VU58189 Code Injection in Moodle - CVE-2021-3943

Published: November 16, 2021

Vulnerability identifier: #VU58189

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-3943

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when restoring malformed backup file . A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://moodle.org/mod/forum/discuss.php?d=429095

#VU58189 Code Injection in Moodle - CVE-2021-3943

Description

Remediation

External links

Please verify you're human