CVE-2014-3541: Improper Control of Generation of Code ('Code Injection')
(updated )
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
References
- git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
- openwall.com/lists/oss-security/2014/07/21/1
- github.com/advisories/GHSA-fccf-p8fx-vjj4
- github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d
- github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894
- github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c
- github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2
- github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844
- github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc
- github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42
- github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91
- github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33
- moodle.org/mod/forum/discuss.php?d=264262
- nvd.nist.gov/vuln/detail/CVE-2014-3541
Code Behaviors & Features
Detect and mitigate CVE-2014-3541 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →