CVE-2013-3630

Sažetak

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

Reference

https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
http://packetstormsecurity.com/files/164479/Moodle-Authenticated-Spelling-Binary-Remote-Code-Execution.html

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-10-2021 - 18:15

Objavljeno

01-11-2013 - 02:55