EPSS Percentile: 46.1%
Moodle is vulnerable to arbitrary file reads. Authenticated users can read arbitrary files through the backup-restoration feature because backup/converter/moodle1/lib.php does not correctly validate pathnames.
backup/converter/moodle1/lib.php
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977
openwall.com/lists/oss-security/2013/01/21/1
moodle.org/mod/forum/discuss.php?d=220160