Vulnerability CVE-2018-14630

Vulnerability CVE-2018-14630

Published: 2018-09-17

Description:

	Topic	Author	Date
High	Moodle 3.x PHP Unserialize Remote Code Execution	EOF J. Moritz	19.09.2018

Type:

(Improper Control of Generation of Code ('Code Injection'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Affected software
Moodle -> Moodle

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880

http://www.securityfocus.com/bid/105354

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630

https://moodle.org/mod/forum/discuss.php?d=376023

https://seclists.org/fulldisclosure/2018/Sep/28

https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630/