Lucene search
MitreCVE-2013-5674HistorySep 16, 2013 - 1:02 p.m.
CVE-2013-5674
2013-09-1613:02:48
CWE-94
mitre
web.nvd.nist.gov
29
moodle
php
object injection
cve-2013-5674
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.003
Percentile
68.1%
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
Affected configurations
Node
moodlemoodleMatch2.5.0
ORmoodlemoodleMatch2.5.1
Related
nessus
nessus
Moodle 'external.php' 'badge' Parameter XSS
2013-09-20 00:00:00
packetstorm
packetstorm
Moodle CMS 2.5.0-1 Cross Site Scripting
2013-09-16 00:00:00
nvd
nvd
CVE-2013-5674
2013-09-16 13:02:48
prion
prion
Design/Logic Flaw
2013-09-16 13:02:00
cvelist
cvelist
CVE-2013-5674
2013-09-16 10:00:00
zdt
zdt
Moodle CMS 2.5.0-1 Cross Site Scripting Vulnerability
2013-09-17 00:00:00
veracode
veracode
Remote Code Execution (RCE) Through Deserialization
2017-07-07 10:32:10
ubuntucve
ubuntucve
CVE-2013-5674
2013-09-16 00:00:00
securityvulns
securityvulns
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.003
Percentile
68.1%
Related for CVE-2013-5674