Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2018-1137

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

  • Published: May 25, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-1137
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.1
  • AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5.5
  • AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

Software From Fixed in
moodle / moodle 3.4.0 3.4.2.x
moodle / moodle 3.3.0 3.3.5.x
moodle / moodle 3.1.0 3.1.11.x
moodle / moodle 3.2.0 3.2.8.x