CVE-2020-10738

Summary

A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]moodle3.8 to 3.8.2affected
[UNKNOWN]moodle3.7 to 3.7.5affected
[UNKNOWN]moodle3.6 to 3.6.9affected
[UNKNOWN]moodle3.5 to 3.5.11affected
[UNKNOWN]moodleEarlier unsupported versions.affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References