A critical vulnerability has been detected in Moodle, the open source PHP-based learning management system (LMS). The issue is a SQL injection vulnerability, which allows an attacker to execute PHP code on the victim’s server.
Severity
Critical
CVE Number
CVE-2017-2641
Impacted Platforms
The vulnerability affects almost all Moodle versions, including 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versions.
Recommended actions
- All Moodle administrators should apply the security patch available here: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58010
- If you have any further questions, contact security@ubc.ca
More information