Insufficient Input Escaping in Moodle's PHP Unit Webrunner Admin Tool
CVE-2020-1756

7.2HIGH

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 16 August 2022

What is CVE-2020-1756?

In Moodle versions prior to 3.8.2, 3.7.5, 3.6.9, and 3.5.11, an insufficient input escaping vulnerability exists in the PHP unit webrunner admin tool. This weakness could allow an attacker to inject malicious code, leading to potential unauthorized access or data manipulation. It is crucial for administrators to apply the necessary updates to safeguard their systems from exploitation.

Affected Version(s)

Moodle 3.8 to 3.8.1, 3.7 to 3.7.4, 3.6 to 3.6.8, 3.5 to 3.5.10 and earlier unsupported versions

References

https://moodle.org/mod/forum/discuss.php?d=398352

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2022
Vulnerability Reserved
Nov 27, 2019

CVE-2020-1756 Data

JSON