Vulnerabilities > CVE-2021-21809 - Unspecified vulnerability in Moodle 3.10.0

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

moodle

critical

NVD

Published: 2021-06-23

Updated: 2022-08-24

Summary

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.

Vulnerable Configurations

Part	Description	Count
Application	Moodle Moodle Moodle 3.10.0	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277
http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html