CVE-2017-5945
Last modified
CVE-2017-5945 is a vulnerability of currently unknown severity. An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. EPSS estimates a 0.87% chance of exploitation in the next 30 days.
Description
An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Poodll | Moodle-Filter Poodll | <= 3.0.20 |
References
- http://www.securityfocus.com/bid/96212Third Party Advisory
- https://github.com/justinhunt/moodle-filter_poodll/issues/23Exploit, Patch, Vendor Advisory
- http://www.securityfocus.com/bid/96212Third Party Advisory
- https://github.com/justinhunt/moodle-filter_poodll/issues/23Exploit, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5945?
How severe is CVE-2017-5945?
How do I fix CVE-2017-5945?
Are you affected by CVE-2017-5945?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST