PT-2013-1889 · Moodle · Moodle
Dan Poltawski · Published 2013-01-27 · Updated 2022-05-13 · CVE-2012-6099
CVSS v2.0: 4.0 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.1.x through 2.1.9
Moodle versions 2.2.x through 2.2.6
Moodle versions 2.3.x through 2.3.3
Moodle versions 2.4.x through 2.4.0
Description
The moodle1 backup converter in Moodle does not properly validate pathnames. This allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
Recommendations
For Moodle versions 2.1.x through 2.1.9, update to version 2.1.10 or later.
For Moodle versions 2.2.x through 2.2.6, update to version 2.2.7 or later.
For Moodle versions 2.3.x through 2.3.3, update to version 2.3.4 or later.
For Moodle versions 2.4.x through 2.4.0, update to version 2.4.1 or later.
Fix
RCE
Affected Products
Moodle