
CVE-2022-35649: Moodle PostScript Code Injection

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.88571%
Published: 7/26/2022
Updated: 4/23/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name     Ecosystem   Vulnerable Versions     First Patched Version
moodle/moodle    composer    >= 3.9, < 3.9.15        3.9.15
moodle/moodle    composer    >= 3.11, < 3.11.8       3.11.8
moodle/moodle    composer    >= 4.0, < 4.0.2         4.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper GhostScript parameterization during PostScript processing: Moodle invoked GhostScript to convert user-supplied documents without passing the -dSAFER flag. Exact commit diffs are not reproduced here; Moodle's security bulletin references the tracker issue MDL-75044. The pattern matches known GhostScript issues in which the absence of -dSAFER leaves the PostScript file and pipe operators available to the document being rendered, so a crafted upload can execute commands on the server. GhostScript 9.50 and later enable SAFER by default, which is why only sites running an older GhostScript are exposed. The affected code sits in Moodle's document-conversion handling, and the severity and description imply the command line was built directly with the dangerous defaults left in place.
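As an added example (not Moodle's own code and not the MDL-75044 patch), the PHP below shows the pattern the root cause analysis describes: a GhostScript command line built without -dSAFER beside a hardened builder that always passes it, plus a helper that decides from `gs --version` output whether the installed GhostScript is older than 9.50 and therefore relies on that flag being passed explicitly. The function names, the sample paths and the device/resolution options are assumptions for illustration.

```php
<?php
// Added example, not Moodle's code. Function names, paths and gs options are assumed.
declare(strict_types=1);

/**
 * Vulnerable pattern: the command is built without -dSAFER. On GhostScript
 * older than 9.50, SAFER is not the default, so the PostScript file and
 * %pipe% operators stay available to the document being rendered and a
 * crafted upload can run commands as the web server user.
 */
function gs_command_vulnerable(string $gsBinary, string $inputPath, string $outputPath): string
{
    $args = [
        escapeshellcmd($gsBinary),
        '-q', '-dNOPAUSE', '-dBATCH',
        '-sDEVICE=png16m', '-r72',
        '-sOutputFile=' . escapeshellarg($outputPath),
        escapeshellarg($inputPath),
    ];
    return implode(' ', $args);
}

/**
 * Hardened pattern: -dSAFER is always passed. It is harmless on 9.50+ (where
 * it is already the default) and closes the hole on older releases, so the
 * fix does not depend on which GhostScript happens to be installed.
 */
function gs_command_hardened(string $gsBinary, string $inputPath, string $outputPath): string
{
    $args = [
        escapeshellcmd($gsBinary),
        '-q', '-dSAFER', '-dNOPAUSE', '-dBATCH', '-dNOPROMPT',
        '-sDEVICE=png16m', '-r72',
        '-sOutputFile=' . escapeshellarg($outputPath),
        escapeshellarg($inputPath),
    ];
    return implode(' ', $args);
}

/**
 * Given the text printed by `gs --version` (for example "9.27" or "9.56.1"),
 * report whether this GhostScript needs -dSAFER passed explicitly, i.e. is
 * older than 9.50. Returns null when the text does not look like a version.
 */
function gs_needs_explicit_safer(string $versionOutput): ?bool
{
    if (!preg_match('/^\s*(\d+)\.(\d+)/', $versionOutput, $m)) {
        return null;
    }
    return version_compare($m[1] . '.' . $m[2], '9.50', '<');
}

// Usage with constructed values: the commands are only built, never executed.
$in  = '/var/moodledata/temp/assignfeedback_editpdf/upload.pdf';
$out = '/var/moodledata/temp/assignfeedback_editpdf/page-%d.png';
echo gs_command_vulnerable('/usr/bin/gs', $in, $out), PHP_EOL;
echo gs_command_hardened('/usr/bin/gs', $in, $out), PHP_EOL;

// On a real host: $needsFlag = gs_needs_explicit_safer((string) shell_exec('gs --version'));
var_dump(gs_needs_explicit_safer("9.27\n"));
var_dump(gs_needs_explicit_safer("9.56.1\n"));
```

The two builders differ only in the -dSAFER (and -dNOPROMPT) arguments, which isolates the defect this CVE describes. Both already shell-escape the paths, because the issue here is the omitted execution parameter rather than shell metacharacter injection. The version helper is a triage aid for operators: a site on GhostScript 9.50 or newer is not exposed even with the unpatched Moodle code, while anything older is.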

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

The vulnerability was found in Moodle and occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exp
