CVE-2022-35649

Summary

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Affected Software

VendorProductVersion RangeStatus
n/aMoodleFixed in moodle 4.0.2, moodle 3.11.8, moodle 3.9.15affected

Weaknesses

  • CWE-94: CWE-94 - Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References