Arbitrary File Read

2017-06-0706:05:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

46.1%

JSON

Moodle is vulnerable to arbitrary file reads. Authenticated users can read arbitrary files through the backup-restoration feature. This is because the backup/converter/moodle1/lib.php doesn’t correctly validate pathnames.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977

openwall.com/lists/oss-security/2013/01/21/1

moodle.org/mod/forum/discuss.php?d=220160

EPSS

0.001

Percentile

46.1%

JSON

Related for VERACODE:4389