CVE-2018-1137

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
References
Link Resource
https://moodle.org/mod/forum/discuss.php?d=371204 Vendor Advisory
http://www.securityfocus.com/bid/104307 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Information

Published : 2018-05-25 12:29

Updated : 2018-06-25 09:54


NVD link : CVE-2018-1137

Mitre link : CVE-2018-1137

Products Affected
No products.
CWE