Moodle LMS Vulnerability – June 26, 2018

A new vulnerability has been detected in Moodle, the open-source PHP-based learning management system (LMS). The vulnerability, named ‘Evil Teacher’, allows for remote code execution.

Severity

Critical

CVE Number

CVE-2018-1133

Impacted Platforms

The vulnerability appears to impact versions older than 3.5.0, which means most instances are impacted. Exploitation is limited to users assigned the “teacher” role.

Recommended Actions

  • If you are running Moodle 3.5.0 or below, it is recommended that you update your instances to the newest version immediately.
  • If you have any further questions, contact security@ubc.ca

More information