Moodle is susceptible to directory traversal attacks. The flaw exists because the min_get_slash_argument() function in lib/configonlylib.php does not filter .. (dot dot) sequences in the file parameter, allowing read access to arbitrary files.
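One way to handle a relative-path parameter of the kind described above, shown as an added PHP example: it is not Moodle's code or its patch, and the function names, base directory and sample inputs are hypothetical. It combines a lexical check on the path segments with a containment check on the resolved path.

```php
<?php
// Added example: hypothetical helper names, not Moodle's code or its actual fix.

/** Lexical check: returns the cleaned relative path, or null when it must be refused. */
function example_clean_relpath(string $raw): ?string {
    if (strpos($raw, "\0") !== false) {
        return null;                        // NUL bytes never belong in a path
    }
    $kept = [];
    // Treat "\" like "/" so both separator styles are examined segment by segment.
    foreach (explode('/', str_replace('\\', '/', $raw)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;                       // collapse "//" and "./"
        }
        if ($segment === '..') {
            return null;                    // refuse outright instead of stripping
        }
        $kept[] = $segment;
    }
    return implode('/', $kept);
}

/** Containment check: resolve under $base and confirm the result stays inside it. */
function example_resolve_under(string $base, string $raw): ?string {
    $clean = example_clean_relpath($raw);
    $root  = realpath($base);
    if ($clean === null || $clean === '' || $root === false) {
        return null;
    }
    // realpath() also follows symlinks, so a link pointing outside $root is caught here.
    $full = realpath($root . DIRECTORY_SEPARATOR . $clean);
    if ($full === false || strpos($full, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demo: a temporary directory stands in for the directory being served.
$base = sys_get_temp_dir() . '/example_served_' . getmypid();
mkdir($base . '/theme', 0700, true);
file_put_contents($base . '/theme/styles.css', 'body{}');

$inputs = ['theme/styles.css', 'theme//./styles.css', '../outside.txt',
           'theme\\..\\..\\outside.txt', "theme/styles.css\0.txt"];
foreach ($inputs as $input) {
    $result = example_resolve_under($base, $input);
    printf("%-36s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
           $result === null ? 'REFUSED' : 'served');
}
unlink($base . '/theme/styles.css'); rmdir($base . '/theme'); rmdir($base);
```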
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980
git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc
openwall.com/lists/oss-security/2015/02/04/15
openwall.com/lists/oss-security/2015/02/09/2
moodle.org/mod/forum/discuss.php?d=279956