Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export
Vulnerability Description
A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
Vulnerability Type
CWE-1236
Vulnerability Title
Moodle 安全漏洞
Vulnerability Description
Moodle是Moodle开源的一套免费的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle存在安全漏洞,该漏洞源于数据字段导出时未正确转义,可能导致公式注入攻击,从而破坏数据完整性并在电子表格中执行意外操作。
CVSS Information
N/A
Vulnerability Type
N/A