Description

mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.

Remediation

References

CVE-2015-2267

Related Vulnerabilities

Oracle HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-4181)

Undertow Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)

WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.5)

phpMyAdmin CVE-2013-3238 Vulnerability (CVE-2013-3238)

WordPress Plugin Super Refer A Friend Information Disclosure (1.0)

Severity

Medium

Classification

CVE-2015-2267 CWE-284

Tags

Missing Update Known Vulnerabilities