Moodle LMS Vulnerability – June 26, 2018

A new vulnerability has been detected in Moodle, the open source PHP-based learning management system (LMS). The vulnerability, named ‘Evil Teacher’ allows for remote code execution.



CVE Number


Impacted Platforms

The vulnerability appears to impact versions older than 3.5.0, which means most instances are impacted. Exploitation is limited to those assigned as a “teacher” role.

Recommended Actions

  • If you are running Moodle 3.5.0 or below, it is recommended that you update your instances to the newest version immediately.
  • If you have any further questions, contact

More information