May 2018 – Moodle security announcements

LMS (Learning Management System) become popular because it wasn’t limit learning area and time zone. Learner or student can start the tution when computer connect to internet. Such learning atomosphere are popular in the world. LMS not restricted to high school and university educations. It also covered internal training in business environment. Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License. Education authority can download the software onto your own web server. Moodle does not generate SCORM content. Moodle presents the content in SCORM packages to learners, and saves data from learner interactions with the SCORM package.

SCORM content can be delivered to learners via any SCORM-compliant Learning Management System (LMS) using the same version of SCORM.

The market share shown that Moodle open source growth in significant recently. However there are vulnerabilites occurs in Moodle. Now please download version 3.5 because it fixed the design bug. Bug details shown as below :

Portfolio script allows instantiation of class chosen by user – https://moodle.org/mod/forum/discuss.php?d=371204

User can shift a block from Dashboard to any page – https://moodle.org/mod/forum/discuss.php?d=371202

Users can download any file via portfolio assignment caller class – https://moodle.org/mod/forum/discuss.php?d=371200

Portfolio forum caller class allows a user to download any file – https://moodle.org/mod/forum/discuss.php?d=371201

Calculated question type allows remote code execution by Question authors – https://moodle.org/mod/forum/discuss.php?d=371199