High severity8.1NVD Advisory· Published May 25, 2018· Updated Jun 17, 2026
CVE-2018-1137
CVE-2018-1137
Description
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 3.1, < 3.1.12 | 3.1.12 |
moodle/moodlePackagist | >= 3.2, < 3.2.9 | 3.2.9 |
moodle/moodlePackagist | >= 3.3, < 3.3.6 | 3.3.6 |
moodle/moodlePackagist | >= 3.4, < 3.4.3 | 3.4.3 |
Affected products
1Patches
Vulnerability mechanics
References
4- www.securityfocus.com/bid/104307nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-vxqh-mx28-7ghwghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1137ghsaADVISORY
News mentions
0No linked articles in our index yet.