Description

The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.

Remediation

References

CVE-2006-4935

Related Vulnerabilities

Password Vault Cross-Site Scripting (1.8.2)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1915)

LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-11455)

MySQL CVE-2014-2430 Vulnerability (CVE-2014-2430)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4401)

Severity

Critical

Classification

CVE-2006-4935 CWE-20

Tags

Missing Update Known Vulnerabilities