CVE-2021-21809
8.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Summary
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Moodle | Moodle 3.10 | affected |
Weaknesses
- OS command injection
ADP Enrichment
CVE Program Container
Additional References
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277
- http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277
- http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.