CVE-2025-67851 - Moodle: moodle: formula injection allows arbitrary formula execution via unescap...

CVE ID : CVE-2025-67851 Published : Feb. 3, 2026, 11:15 a.m. | 1 hour, 35 minutes ago Description : A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet. Severity: 6.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...