CVE-2018-14630

CVE-2018-14630

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy ‘drag and drop into text’ (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.

Source: CVE-2018-14630

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다