9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-3943

GHSA ID

GHSA-8jhp-2gcr-qw96

EPSS Score

0.77952%

CWE

CWE-20

Published

11/23/2021

Updated

7/11/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-3943

CVE-2021-3943:
Moodle vulnerable to RCE via unsafe deserialization

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-3943

GHSA ID

GHSA-8jhp-2gcr-qw96

EPSS Score

0.77952%

CWE

CWE-20

Published

11/23/2021

Updated

7/11/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
moodle/moodle	composer	>= 3.11, <= 3.11.3	3.11.4
moodle/moodle	composer	>= 3.10, <= 3.10.7	3.10.8
moodle/moodle	composer	>= 3.9, <= 3.9.10	3.9.11

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsafe use of PHP's native unserialize() on user-controlled backup data (configdata). The commit diff shows multiple instances where unserialize(base64_decode(...)) was replaced with a safer unserialize_object() wrapper. The affected functions directly deserialize backup content without proper validation, enabling malicious object injection. Key files showing this pattern include restore_stepslib.php (core backup handling) and several block implementations (HTML, RSS client) that process serialized configdata.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in Moo*l* in v*rsions *.** to *.**.*, *.** to *.**.*, *.* to *.*.** *n* **rli*r unsupport** v*rsions. * r*mot* *o** *x**ution risk w**n r*storin* ***kup *il*s w*s i**nti*i**.

Reasoning

T** vuln*r**ility st*ms *rom uns*** us* o* P*P's n*tiv* uns*ri*liz*() on us*r-*ontroll** ***kup **t* (*on*i***t*). T** *ommit *i** s*ows multipl* inst*n**s w**r* uns*ri*liz*(**s***_***o**(...)) w*s r*pl**** wit* * s***r uns*ri*liz*_o*j**t() wr*pp*r.

9.8

Basic Information

Concerned about an active attack path?

CVE-2021-3943: Moodle vulnerable to RCE via unsafe deserialization

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2021-3943:
Moodle vulnerable to RCE via unsafe deserialization

Vulnerability Intelligence
Miggo AI