CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Moodle is susceptible to XML external entity (XXE) injection attacks. The attacks are possible because mod/imscp/locallib.php does not filter the XML files supplied for the IMSCC course format or the IMSCP resource, allowing attackers to submit malicious XML files and read server-side files.

CPE Name | Operator | Version |
---|---|---|
moodle/moodle | le | 2.7.0 |
moodle/moodle | le | 2.5.6 |
moodle/moodle | le | 2.3.11 |
moodle/moodle | le | 2.6.3 |
moodle/moodle | le | 2.4.10 |