Lucene search
Veracode Vulnerability DatabaseVERACODE:4733HistoryJul 27, 2017 - 2:01 a.m.
Directory Traversal
2017-07-2702:01:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
EPSS
0.002
Percentile
54.9%
Moodle is susceptible to directory traversal attacks. The attacks exist because the min_get_slash_argument() function in lib/configonlylib.php does not filter .. (dot dot) in the file parameter, allowing read access of arbitrary files through it.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980
git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc
openwall.com/lists/oss-security/2015/02/04/15
openwall.com/lists/oss-security/2015/02/09/2
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980
moodle.org/mod/forum/discuss.php?d=279956
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0057)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2015-4613
2015-07-07 00:00:00
Fedora Update for moodle FEDORA-2015-4724
2015-04-06 00:00:00
osv
osv
Moodle directory traversal vulnerability
2022-05-13 01:12:45
prion
prion
Directory traversal
2015-06-01 19:59:00
github
github
Moodle directory traversal vulnerability
2022-05-13 01:12:45
cvelist
cvelist
CVE-2015-1493
2015-06-01 19:00:00
ubuntucve
ubuntucve
CVE-2015-1493
2015-06-01 00:00:00
cve
cve
CVE-2015-1493
2015-06-01 19:59:08
CVE-2015-0246
2015-02-09 15:59:00
nvd
nvd
CVE-2015-1493
2015-06-01 19:59:08
CVE-2015-0246
2015-02-09 15:59:00
mageia
mageia
Updated moodle packages fix CVE-2015-1493
2015-02-10 00:44:14
fedora
fedora
[SECURITY] Fedora 21 Update: moodle-2.7.7-1.fc21
2015-04-05 14:33:57
[SECURITY] Fedora 22 Update: moodle-2.8.5-1.fc22
2015-04-21 18:26:37
[SECURITY] Fedora 20 Update: moodle-2.6.10-1.fc20
2015-04-05 14:29:57
nessus
nessus
Fedora 20 : moodle-2.6.10-1.fc20 (2015-4530)
2015-04-07 00:00:00
Fedora 21 : moodle-2.7.7-1.fc21 (2015-4724)
2015-04-07 00:00:00
Fedora 22 : moodle-2.8.5-1.fc22 (2015-4613)
2015-04-22 00:00:00