Description
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.