Lucene search
GoogleOSV:GHSA-CR78-RPHW-W73PHistoryMay 13, 2022 - 1:12 a.m.
Moodle Arbitrary File Read via Backup Functionality
2022-05-1301:12:55
Google
osv.dev
6
moodle
arbitrary file read
backup functionality
remote authenticated users
pathnames validation
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977
openwall.com/lists/oss-security/2013/01/21/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10
github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44
moodle.org/mod/forum/discuss.php?d=220160
nvd.nist.gov/vuln/detail/CVE-2012-6099
Related
cvelist
cvelist
CVE-2012-6099
2013-01-27 22:00:00
veracode
veracode
Arbitrary File Read
2017-06-07 06:05:36
prion
prion
Design/Logic Flaw
2013-01-27 22:55:00
nvd
nvd
CVE-2012-6099
2013-01-27 22:55:03
github
github
Moodle Arbitrary File Read via Backup Functionality
2022-05-13 01:12:55
ubuntucve
ubuntucve
CVE-2012-6099
2013-01-27 00:00:00
cve
cve
CVE-2012-6099
2013-01-27 22:55:03
nessus
nessus
Moodle 2.1.x < 2.1.10 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.2.x < 2.2.7 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.3.x < 2.3.4 Multiple Vulnerabilities
2016-07-21 00:00:00