NVD

Id
40933  
Name
CVE-2013-5674  
Description
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-09-16  
Modified Date
2013-09-25  
Seq
2013-5674  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
206924 40933 CVE-2013-5674 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40924  View
206925 40933 CVE-2013-5674 https://moodle.org/mod/forum/discuss.php?d=238397  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
22584 JVNDB-2013-004159 Moodle の badges/external.php における PHP オブジェクトインジェクション攻撃を実行される脆弱性 Moodle の badges/external.php は、外部バッジ (external badge) の記述をアンシリアライズすることで取得したオブジェクトを適切に処理しないため、PHP オブジェクトインジェクション攻撃を実行される脆弱性が存在します。 CVE-2013-5674 65616 CVE-2013-5674 40933 7.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004159.html 2013-09-16 2013-10-11 View