Critical severityNVD Advisory· Published Jun 23, 2021· Updated Aug 3, 2024
CVE-2021-21809
CVE-2021-21809
Description
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Moodle/Moodledescription
- osv-coords2 versions
>= 3.10.0, < 3.10.1+ 1 more
- (no CPE)range: >= 3.10.0, < 3.10.1
- (no CPE)
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-c7jj-vfmr-j9mjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-21809ghsaADVISORY
- packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.htmlghsax_refsource_MISCWEB
- talosintelligence.com/vulnerability_reports/TALOS-2021-1277ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.