A new vulnerability has been detected in Moodle, the open source PHP-based learning management system (LMS). The vulnerability, named ‘Evil Teacher’ allows for remote code execution.
The vulnerability appears to impact versions older than 3.5.0, which means most instances are impacted. Exploitation is limited to those assigned as a “teacher” role.
- If you are running Moodle 3.5.0 or below, it is recommended that you update your instances to the newest version immediately.
- If you have any further questions, contact firstname.lastname@example.org