Vulnerabilities > CVE-2021-20187 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Moodle
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.