CVE-2018-1137

Description

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

Risk Information

Base Score

8.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score

Exploitation Probability

0.214

Associated Vulnerability

Vulnerability	OS Platform
Update moodle 3.4.2 to latest version	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234