CVE-2014-3541
Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - RCE via Serialized Data
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
References (3)
Core References
Vendor Advisory (x_refsource_confirm): https://moodle.org/mod/forum/discuss.php?d=264262
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2014/07/21/1
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
Scores
EPSS: 0.0193
EPSS Percentile: 83.6%
Details
CWE: CWE-94
Status: published
Products (36)
moodle/moodle: 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9
... and 26 more
Published: Jul 29, 2014
Tracked Since: Feb 18, 2026