Vulnerability Details CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.691
EPSS Ranking 98.5%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277
- http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277