Moodle Arbitrary File Read via XML External Entity vulnerability

🗓️ 13 May 2022 01:40:12Reported by GitHub Advisory DatabaseType

Moodle vulnerability in 'locallib.php' allows remote file read via XML External Entit

Reporter	Title	Published	Views	Family All 22
Prion	Xxe	29 Jul 201411:10	–	prion
UbuntuCve	CVE-2014-3543	29 Jul 201400:00	–	ubuntucve
Veracode	XML External Entity (XXE) Injection	5 Jul 201707:41	–	veracode
NVD	CVE-2014-3543	29 Jul 201411:10	–	nvd
Cvelist	CVE-2014-3543	29 Jul 201410:00	–	cvelist
OSV	Moodle Arbitrary File Read via XML External Entity vulnerability	13 May 202201:12	–	osv
CVE	CVE-2014-3543	29 Jul 201411:10	–	cve
Tenable Nessus	Moodle < 2.4 / 2.4.x < 2.4.11 / 2.5.x < 2.5.7 / 2.6.x < 2.6.4 / 2.7.x < 2.7.1 Multiple Vulnerabilities	20 Apr 201500:00	–	nessus
Tenable Nessus	Fedora 19 : moodle-2.4.11-1.fc19 (2014-8609)	31 Jul 201400:00	–	nessus
Tenable Nessus	Fedora 20 : moodle-2.5.7-1.fc20 (2014-8601)	31 Jul 201400:00	–	nessus

Vulners

Node

moodle moodleRange≤2.4.10

moodle moodleRange2.5.0–2.5.6

moodle moodleRange2.6.0–2.6.3

moodle moodleMatch2.7.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-3543
moodle	www.moodle.org/mod/forum/discuss.php
openwall	www.openwall.com/lists/oss-security/2014/07/21/1
github	www.github.com/moodle/moodle/commit/595ef4772d330a20c757635ab090acdcc9b2a2fa
git	www.git.moodle.org/gw
github	www.github.com/advisories/GHSA-27j2-c838-c3qg

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 May 2022 01:12Current

6.9Medium risk

Vulners AI Score6.9

CVSS24.3

EPSS0.00313

CWE-611