Number: AV18-098
Date: 13 June 2018
Purpose
The purpose of this advisory is to bring attention to a security advisory released by Moodle.
Assessment
Moodle has released a product update to address remote code execution vulnerability .
Affected Product:
Moodle versions prior to 3.5.0
CVE Reference: CVE-2018-1133
Suggested action
CCIRC recommends that system administrators test and deploy the vendor released updates on affected platforms accordingly.
References
https://blog.ripstech.com/2018/moodle-remote-code-execution/
https://github.com/moodle/moodle/releases/tag/v3.5.0
https://moodle.org/mod/forum/discuss.php?d=371199#p1496353