[VIM] Moodle <= 1.8.4 Remote Code Execution Exploit
George A. Theall
theall at tenablesecurity.com
Fri Sep 5 16:37:15 UTC 2008
FYI, while looking into milw0rm 6356, I notice the underlying issue is
in the KSES library it uses. The project addressed the issue earlier
this year; eg,
http://moodle.org/mod/forum/discuss.php?d=95031
http://cvs.moodle.org/moodle/lib/kses.php?r1=1.3.2.2&r2=1.3.2.3
SecurityFocus created BID 30995 for the issues covered by milw0rm
6356, yet they also have BID 28599, which covers the code execution
issue in KSES as well as a couple of other issues, so 30995 would seem
to be a dup.
I only see one CVE associated with the earlier BID: CVE-2008-1502,
which refers only to XSS attacks. Steve, is there another for the code
execution the earlier BID notes?
George
--
theall at tenablesecurity.com