Description
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-0426 Vulnerability (CVE-2013-0426)
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.7)
WordPress Plugin WPtouch Cross-Site Scripting (3.7.5.3)
WordPress Plugin Websimon Tables Cross-Site Scripting (1.3.4)
WordPress Plugin Storefront Footer Text Cross-Site Scripting (1.0.1)