In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Moodle | Moodle | * | 3.9.24 (excluding) |
Moodle | Moodle | 3.11.0 (including) | 3.11.17 (excluding) |
Moodle | Moodle | 4.0.0 (including) | 4.0.11 (excluding) |
Moodle | Moodle | 4.1.0 (including) | 4.1.6 (excluding) |
Moodle | Moodle | 4.2.0 (including) | 4.2.3 (excluding) |
Moodle | Ubuntu | bionic | * |
Moodle | Ubuntu | trusty | * |
Moodle | Ubuntu | xenial | * |