Description

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.

Remediation

References

CVE-2014-3543

Related Vulnerabilities

WordPress Plugin Contact Form by WPForms-Drag & Drop Form Builder for WordPress Cross-Site Scripting (1.4.7.2)

WordPress Plugin Link Juice Keeper Cross-Site Scripting (2.0.2)

WordPress Plugin Slimstat Analytics Cross-Site Scripting (4.1.5.2)

Jboss EAP Credentials Management Errors Vulnerability (CVE-2009-5066)

WordPress Plugin Widgets for WooCommerce Products on Elementor Cross-Site Scripting (1.0.7)

Severity

Medium

Classification

CVE-2014-3543 CWE-200

Tags

Missing Update Known Vulnerabilities