Moodle LMS Vulnerability – March 22, 2017 11:00 PT

A critical vulnerability has been detected in Moodle, the open source PHP-based learning management system (LMS). The issue is a SQL injection vulnerability, which allows an attacker to execute PHP code on the victim’s server.

Severity

Critical


CVE Number

CVE-2017-2641


Impacted Platforms

The vulnerability will affect almost all Moodle versions, including 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versions.

Recommended actions

More information