CVE-2022-35649
Published 2022-07-25
Priority: P266, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.44% (92.9th percentile)
A vulnerability was found in Moodle that occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| moodle | moodle | — | — |
| moodle | moodle | >= 3.11 < 3.11.8 | 3.11.8 |
| moodle | moodle | >= 3.11.0 < 3.11.8 | 3.11.8 |
| moodle | moodle | >= 3.9 < 3.9.15 | 3.9.15 |
| moodle | moodle | >= 3.9.0 < 3.9.15 | 3.9.15 |
| moodle | moodle | >= 4.0 < 4.0.2 | 4.0.2 |
| moodle | moodle | >= 4.0.0 < 4.0.2 | 4.0.2 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL
GHSA
Moodle PostScript Code Injection
ghsa·2022-07-26
CVE-2022-35649 [CRITICAL] CWE-20 Moodle PostScript Code Injection
OSV
Moodle PostScript Code Injection
osv·2022-07-26
CVE-2022-35649 [CRITICAL] Moodle PostScript Code Injection
OSV
CVE-2022-35649: A vulnerability was found in Moodle that occurs due to improper input validation when parsing PostScript code
osv·2022-07-25·CVSS 9.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
https://bugzilla.redhat.com/show_bug.cgi?id=2106273
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
https://moodle.org/mod/forum/discuss.php?d=436456
2022-07-25
Published