Description
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.