Lucene search
Veracode Vulnerability DatabaseVERACODE:4545HistoryJul 06, 2017 - 9:49 a.m.
Sanitization Bypass
2017-07-0609:49:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
EPSS
0.007
Percentile
80.2%
Moodle is vulnerable to sanitization bypass. The library does not filter file names of submissions when multiple files are uploaded. This can allow a malicious user to bypass the sanitization checks.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
openwall.com/lists/oss-security/2013/05/21/1
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
moodle.org/mod/forum/discuss.php?d=228935
Related
prion
prion
Cross site request forgery (csrf)
2013-05-25 03:18:00
ubuntucve
ubuntucve
CVE-2013-2083
2013-05-25 00:00:00
cve
cve
CVE-2013-2083
2013-05-25 03:18:15
osv
osv
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class
2022-05-13 01:12:59
nvd
nvd
CVE-2013-2083
2013-05-25 03:18:15
cvelist
cvelist
CVE-2013-2083
2013-05-25 01:00:00
github
github
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class
2022-05-13 01:12:59
fedora
fedora
[SECURITY] Fedora 19 Update: moodle-2.4.4-1.fc19
2013-05-29 03:03:38
[SECURITY] Fedora 17 Update: moodle-2.2.10-1.fc17
2013-05-29 01:02:13
[SECURITY] Fedora 18 Update: moodle-2.3.7-1.fc18
2013-05-29 00:59:53
mageia
mageia
Updated moodle package fix security vulnerabilities
2013-06-06 16:24:33
nessus
nessus
Fedora 18 : moodle-2.3.7-1.fc18 (2013-8702)
2013-05-29 00:00:00
Fedora 17 : moodle-2.2.10-1.fc17 (2013-8692)
2013-05-29 00:00:00
Fedora 19 : moodle-2.4.4-1.fc19 (2013-8668)
2013-05-29 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0162)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2013-8702
2013-05-31 00:00:00
Fedora Update for moodle FEDORA-2013-8692
2013-05-31 00:00:00