Unrated severityNVD Advisory· Published Sep 16, 2013· Updated Jun 16, 2026
CVE-2013-5674
CVE-2013-5674
Description
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
Affected products
3Patches
Vulnerability mechanics
References
1- moodle.org/mod/forum/discuss.phpnvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.