A new vulnerability has been detected in Moodle, the open-source PHP-based learning management system (LMS). The vulnerability, named ‘Evil Teacher’, allows for remote code execution.
Severity
Critical
CVE Number
CVE-2018-1133
Impacted Platforms
The vulnerability appears to impact versions older than 3.5.0, which means most instances are impacted. Exploitation is limited to users who have been assigned the “teacher” role.
Recommended Actions
- If you are running Moodle 3.5.0 or below, it is recommended that you update your instances to the newest version immediately.
- If you have any further questions, contact security@ubc.ca
More information