Lucene search
Veracode Vulnerability DatabaseVERACODE:37346HistorySep 30, 2022 - 5:23 a.m.
Arbitrary File Read
2022-09-3005:23:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
0.001 Low
EPSS
Percentile
28.4%
moodle/moodle is vulnerable to information disclosure. The vulnerability exists in the temp_dir parameter inlatex.php due to a lack of validation in external database authentication which allows an attacker to gain access to the files and read sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | v3.11.2 | |
| moodle/moodle | le | v3.9.9 | |
| moodle/moodle | le | v3.10.6 | |
| moodle/moodle | le | v3.11.2 | |
| moodle/moodle | le | v3.9.9 | |
| moodle/moodle | le | v3.10.6 |
References
bugzilla.redhat.com/show_bug.cgi?id=2043421
github.com/advisories/GHSA-m37g-mwcg-7j7v
github.com/moodle/moodle/commit/272780993dfd634021e2c526d5a3e398c581c766
github.com/moodle/moodle/commit/cd7fa2e5133a7a2bdb1f8532b29e2548dcb4d407
github.com/moodle/moodle/commit/e514e6951c38f8a1ae9b36d8cc3e9d86c3be5205
github.com/moodle/moodle/commit/ed3ee9dd5ca4d2179b26e5bbb04b12d4621be836
moodle.org/mod/forum/discuss.php?d=427106
Related
osv
osv
CVE-2021-40694
2022-09-29 03:15:14
BIT-moodle-2021-40694
2024-03-06 11:07:09
Moodle Improper Encoding or Escaping of Output
2022-09-30 00:00:29
prion
prion
Design/Logic Flaw
2022-09-29 03:15:00
cve
cve
CVE-2021-40694
2022-09-29 03:15:14
nvd
nvd
CVE-2021-40694
2022-09-29 03:15:14
ubuntucve
ubuntucve
CVE-2021-40694
2022-09-29 00:00:00
github
github
Moodle Improper Encoding or Escaping of Output
2022-09-30 00:00:29
cvelist
cvelist
CVE-2021-40694
2022-01-21 18:17:34
nessus
nessus
Moodle 3.11.x < 3.11.3 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.9.x < 3.9.10 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.10.x < 3.10.7 Multiple Vulnerabilities
2023-02-20 00:00:00
openvas
openvas
Moodle Session Hijack Vulnerability (MSA-21-0032)
2023-08-16 00:00:00