High severity7.5NVD Advisory· Published May 21, 2020· Updated Jun 17, 2026
CVE-2020-10738
CVE-2020-10738
Description
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 3.8, < 3.8.3 | 3.8.3 |
moodle/moodlePackagist | >= 3.7, < 3.7.6 | 3.7.6 |
moodle/moodlePackagist | >= 3.6, < 3.6.10 | 3.6.10 |
moodle/moodlePackagist | >= 3.5, < 3.5.12 | 3.5.12 |
Affected products
3- Moodle/Moodledescription
- osv-coords2 versions
>= 3.5.0, < 3.5.12+ 1 more
- (no CPE)range: >= 3.5.0, < 3.5.12
- (no CPE)range: >= 3.8, < 3.8.3
Patches
Vulnerability mechanics
References
5- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- moodle.org/mod/forum/discuss.phpnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-vr6v-g96p-cjc3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-10738ghsaADVISORY
- github.com/moodle/moodle/commit/2cd534a7df3867813e3aad42db615865149a58c6ghsaWEB
News mentions
0No linked articles in our index yet.