Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2018-1133

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

Published: May 25, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-1133
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
moodle / moodle	3.4.0	3.4.2.x
moodle / moodle	3.3.0	3.3.5.x
moodle / moodle	3.1.0	3.1.11.x
moodle / moodle	3.2.0	3.2.8.x

http://www.securityfocus.com/bid/104307
https://moodle.org/mod/forum/discuss.php?d=371199
https://www.exploit-db.com/exploits/46551/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo