4 matches found
EUVD-2022-1932
Malicious code in bioql PyPI...
Moodle Arbitrary File Read via XML External Entity vulnerability
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity...
Xxe
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity...
CVE-2014-3543
CVE-2014-3543 affects Moodle versions up to 2.7.1 (and earlier branches) via mod/imscp/locallib.php, where a package manifest containing an XML external entity declaration combined with an entity reference enables reading arbitrary files (XML External Entity issue affecting IMSCP resources/IMSCC)...