PHP Object Injection Vulnerability in Moodle 2.5.x before 2.5.2

PHP Object Injection Vulnerability in Moodle 2.5.x before 2.5.2

CVE-2013-5674 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.

Learn more about our External Network Penetration Testing.