9 matches found
Moodle allows attackers to extract archives to arbitrary directories
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
GHSA-CM4R-58PJ-H2PH Moodle allows attackers to extract archives to arbitrary directories
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
Moodle 'mdeploy.php' Security Bypass Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security bypass vulnerability exists in the Moodle 'mdeploy.php' script. A remote attacker with a specially crafted 'dataroot' value...
CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
UBUNTU-CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
Design/Logic Flaw
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
CVE-2015-2267
CVE-2015-2267 affects Moodle via mdeploy.php. Affected: Moodle up to 2.5.9; 2.6.x before 2.6.9; 2.7.x before 2.7.6; 2.8.x before 2.8.4. Remote authenticated users could bypass access restrictions and extract archives to arbitrary directories by supplying a crafted dataroot value. The connected do...
CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...