Description

The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.

Remediation

References

CVE-2012-6099

Related Vulnerabilities

WordPress Plugin SCORM Cloud For WordPress 'ajax.php' SQL Injection (1.0.6.6)

MySQL CVE-2019-2757 Vulnerability (CVE-2019-2757)

OpenSSL Improper Input Validation Vulnerability (CVE-2010-0740)

Apache HTTP Server Use After Free Vulnerability (CVE-2017-9789)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19995)

Severity

Medium

Classification

CVE-2012-6099 CWE-20

Tags

Missing Update Known Vulnerabilities