Description

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.

Remediation

References

CVE-2016-8642

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2016-8869)

phpBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2002-2255)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-10705)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7871)

Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)

Severity

Medium

Classification

CVE-2016-8642 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities