Moodle vulnerable to RCE via unsafe deserialization
Critical severity · GitHub Reviewed
Published Nov 23, 2021 to the GitHub Advisory Database · Updated Jul 11, 2023
Package
Affected versions
- >= 3.11, <= 3.11.3
- >= 3.10, <= 3.10.7
- >= 3.9, <= 3.9.10
Patched versions
- 3.11.4
- 3.10.8
- 3.9.11
Description
A flaw was found in Moodle versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10, and earlier unsupported versions. A remote code execution risk was identified when restoring backup files.

Published by the National Vulnerability Database: Nov 22, 2021
Published to the GitHub Advisory Database: Nov 23, 2021
Reviewed: Jul 11, 2023
Last updated: Jul 11, 2023
References