GHSA-fccf-p8fx-vjj4, CVE-2014-3541
packagist/moodle/moodle
Improper Control of Generation of Code ('Code Injection')
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
All versions before 2.4.11, all versions starting from 2.5.0 before 2.5.7, all versions starting from 2.6.0 before 2.6.4, all versions starting from 2.7.0 before 2.7.1
Upgrade to versions 2.4.11, 2.5.7, 2.6.4, 2.7.1 or above.
2024-02-02
source |