E19-0jv11
CVSS: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
False Positive: t
Variants: 6
Year: 2018
Description
The strike reproduces a remote code execution attack against the Moodle CMS platform.
The vulnerability stems from insufficient sanitization of user input in the 'answer' parameter within 'questiontype.php', which is processed when defining a new quiz of type 'Calculated'.
By exploiting the issue, a remote authenticated attacker may execute arbitrary PHP code with the privileges of the HTTP server.