Arbitrary Class Instantiation and DDoS Vulnerability in Moodle 3.x

Arbitrary Class Instantiation and DDoS Vulnerability in Moodle 3.x

CVE-2018-1137 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

Learn more about our Cis Benchmark Audit For Apple Ios.