GoogleOSV:GHSA-CM4R-58PJ-H2PHMoodle allows attackers to extract archives to arbitrary directories
6.4 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
43.9%
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087
openwall.com/lists/oss-security/2015/03/16/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/12a8fcb5e45c58ee8267ad0472852c2b80a19878
github.com/moodle/moodle/commit/240e7be7341afa31096fdbf3f242a7966f6237ab
github.com/moodle/moodle/commit/4475f1e478370fb97933127ec60e40f39e285da1
github.com/moodle/moodle/commit/76da7e9bc88669eab62f83f04639ba356a0b0c5a
github.com/moodle/moodle/commit/83866c3c2a5b1391317172eea0b4f017c6d142d2
github.com/moodle/moodle/commit/84f9f60b67e1e20058fbe2afa473607d075aff63
github.com/moodle/moodle/commit/8d9bdd28e049ca6b6b2a4ab8f142097c2f907df6
github.com/moodle/moodle/commit/a47aabc7833d0c88a83791d99a1204742c33f59b
github.com/moodle/moodle/commit/c353a6202658f320096a41e94494063393153b7f
github.com/moodle/moodle/commit/de169b7944e36d374d55e3f396d90ab2b4303afb
moodle.org/mod/forum/discuss.php?d=307381
nvd.nist.gov/vuln/detail/CVE-2015-2267
Related
6.4 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
43.9%