Multiple vulnerabilities in Moodle

1) Code Injection

EUVDB-ID: #VU42410

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2013-3630

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote #AU# to read and manipulate data.

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 1.1.1 - 2.5.1

CPE2.3

• cpe:2.3:a:moodle_org:moodle:1.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:1.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:1.3.4:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:1.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:1.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:1.6.8:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:1.7.6:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:1.8.14:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:1.9.18:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.0.9:*:*:*:*:*:*:*

External links

https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

2) Input validation error

EUVDB-ID: #VU42566

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-6087

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.2 - 2.5.1

CPE2.3

• cpe:2.3:a:moodle_org:moodle:2.2.10:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.3.8:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.5.1:*:*:*:*:*:*:*

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40615
https://www.openwall.com/lists/oss-security/2013/01/03/1
https://moodle.org/mod/forum/discuss.php?d=238393

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) SQL injection

EUVDB-ID: #VU42567

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-4313

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.2 - 2.5.1

CPE2.3

• cpe:2.3:a:moodle_org:moodle:2.2.10:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.3.8:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.5.1:*:*:*:*:*:*:*

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676
https://moodle.org/mod/forum/discuss.php?d=238396

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cross-site scripting

EUVDB-ID: #VU42568

Risk: Low

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2013-4341

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

Vulnerability allows a remote attacker to perform Cross-site scripting attacks.

An input validation error exists in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 when processing a crafted blog link within an RSS feed. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.2 - 2.5.1

CPE2.3

• cpe:2.3:a:moodle_org:moodle:2.2.10:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.3.8:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:moodle_org:moodle:2.5.1:*:*:*:*:*:*:*

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41623
https://moodle.org/mod/forum/discuss.php?d=238399

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

5) Code Injection

EUVDB-ID: #VU42569

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-5674

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.5 - 2.5.1

CPE2.3

• cpe:2.3:a:moodle_org:moodle:2.5.1:*:*:*:*:*:*:*

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40924
https://moodle.org/mod/forum/discuss.php?d=238397

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.