Lucene search
RedhatCVE-2012-6099HistoryJan 27, 2013 - 10:55 p.m.
CVE-2012-6099
2013-01-2722:55:03
CWE-20
redhat
web.nvd.nist.gov
29
cve-2012-6099
moodle
backup converter
unauthorized access
nvd
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.001
Percentile
46.1%
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
Affected configurations
Node
moodlemoodleMatch2.1.0
ORmoodlemoodleMatch2.1.1
ORmoodlemoodleMatch2.1.2
ORmoodlemoodleMatch2.1.3
ORmoodlemoodleMatch2.1.4
ORmoodlemoodleMatch2.1.5
ORmoodlemoodleMatch2.1.6
ORmoodlemoodleMatch2.1.7
ORmoodlemoodleMatch2.1.8
ORmoodlemoodleMatch2.1.9
Node
moodlemoodleMatch2.2.0
ORmoodlemoodleMatch2.2.1
ORmoodlemoodleMatch2.2.2
ORmoodlemoodleMatch2.2.3
ORmoodlemoodleMatch2.2.4
ORmoodlemoodleMatch2.2.5
ORmoodlemoodleMatch2.2.6
Node
moodlemoodleMatch2.3.0
ORmoodlemoodleMatch2.3.1
ORmoodlemoodleMatch2.3.2
ORmoodlemoodleMatch2.3.3
Node
moodlemoodleMatch2.4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moodle | moodle | 2.1.0 | cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.1 | cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.2 | cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.3 | cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.4 | cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.5 | cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.6 | cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.7 | cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.8 | cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:* |
| moodle | moodle | 2.1.9 | cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:* |
Related
osv
osv
Moodle Arbitrary File Read via Backup Functionality
2022-05-13 01:12:55
cvelist
cvelist
CVE-2012-6099
2013-01-27 22:00:00
veracode
veracode
Arbitrary File Read
2017-06-07 06:05:36
prion
prion
Design/Logic Flaw
2013-01-27 22:55:00
nvd
nvd
CVE-2012-6099
2013-01-27 22:55:03
github
github
Moodle Arbitrary File Read via Backup Functionality
2022-05-13 01:12:55
ubuntucve
ubuntucve
CVE-2012-6099
2013-01-27 00:00:00
nessus
nessus
Moodle 2.1.x < 2.1.10 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.2.x < 2.2.7 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.3.x < 2.3.4 Multiple Vulnerabilities
2016-07-21 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.001
Percentile
46.1%
Related for CVE-2012-6099