5 matches found
Moodle Arbitrary File Read via XML External Entity vulnerability
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity...
CVE-2015-5266
The CVE-2015-5266 entry concerns Moodle’s enrol_meta_sync in enrol/meta/locallib.php. Affected releases include Moodle 2.6.11 and 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2. The vulnerability arises from incorrect role processing during a long-running synchronization script, ...
XXE
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity...
CVE-2011-3757
Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files...
Information disclosure
Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files...