Metric | Value |
---|---|
AI Score | 6.4 Medium |
AI Score Confidence | Low |
CVSS2 | 6.9 Medium |
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS Percentile | 5.3% |

spell-check-logic.cgi in Moodle 1.9 before 1.9.4, 1.8 before 1.8.8, 1.7 before 1.7.7 and 1.6 before 1.6.9 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.

Name | Operator | Version |
---|---|---|
moodle/moodle | lt | 1.6.9 |
moodle/moodle | lt | 1.7.7 |
moodle/moodle | lt | 1.8.8 |
moodle/moodle | lt | 1.9.4 |

lists.debian.org/debian-devel/2008/08/msg00347.html
www.debian.org/security/2009/dsa-1724
exchange.xforce.ibmcloud.com/vulnerabilities/46708
github.com/advisories/GHSA-x7r4-26m9-hmgq
nvd.nist.gov/vuln/detail/CVE-2008-5153
web.archive.org/web/20090821033319/secunia.com/advisories/33955
web.archive.org/web/20110511083352/uvw.ru/report.sid.txt
web.archive.org/web/20141121115305/www.securityfocus.com/bid/32402