CVE-2018-1137
Description
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
CWE
- (none)
Affected
- n/a / Moodle 3.x unknown — v=Moodle 3.x unknown [affected]
CVSS
- (none)
References
- http://www.securityfocus.com/bid/104307 vdb-entry, x_refsource_BID
- https://moodle.org/mod/forum/discuss.php?d=371204 x_refsource_CONFIRM
Source
cvelistV5-main/cves/2018/1xxx/CVE-2018-1137.json