CVE-2014-3541

Improper Control of Generation of Code ('Code Injection') in packagist/moodle/moodle

Identifiers

GHSA-fccf-p8fx-vjj4, CVE-2014-3541

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

Affected Versions

All versions before 2.4.11, all versions starting from 2.5.0 before 2.5.7, all versions starting from 2.6.0 before 2.6.4, all versions starting from 2.7.0 before 2.7.1

Solution

Upgrade to versions 2.4.11, 2.5.7, 2.6.4, 2.7.1 or above.

Last Modified

2024-02-02

source