10 matches found
Moodle allows attackers to extract archives to arbitrary directories
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
GHSA-CM4R-58PJ-H2PH Moodle allows attackers to extract archives to arbitrary directories
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
The vulnerability of the Moodle learning management system allows a hacker to bypass existing access restrictions and retrieve archives from arbitrary directories.
The vulnerability of the mdeploy.php sub-component of the Moodle learning management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass existing access restrictions and extract archives from arbitrary directories...
Moodle 'mdeploy.php' Security Bypass Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security bypass vulnerability exists in the Moodle 'mdeploy.php' script. A remote attacker with a specially crafted 'dataroot' value...
CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
UBUNTU-CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
Design/Logic Flaw
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
CVE-2015-2267
CVE-2015-2267 affects Moodle via mdeploy.php. Affected: Moodle up to 2.5.9; 2.6.x before 2.6.9; 2.7.x before 2.7.6; 2.8.x before 2.8.4. Remote authenticated users could bypass access restrictions and extract archives to arbitrary directories by supplying a crafted dataroot value. The connected do...