CVE-2022-40314

CRITICAL

Moodle < 3.9.17 - Insecure Deserialization

Title source: rule

Description

A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.

Scores

CVSS v3 9.8
EPSS 0.0731
EPSS Percentile 91.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-502
Status published

Affected Products (2)

moodle/moodle < 3.9.17
moodle/moodle < 3.9.17 (Packagist)

Timeline

Published Sep 30, 2022
Tracked Since Feb 18, 2026