Description

mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.

Remediation

References

CVE-2015-2267

Related Vulnerabilities

WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)

PostgreSQL Insufficiently Protected Credentials Vulnerability (CVE-2021-23222)

Apache HTTP Server CVE-2018-1283 Vulnerability (CVE-2018-1283)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.3)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)

Severity

Medium

Classification

CVE-2015-2267 CWE-284

Tags

Missing Update Known Vulnerabilities