Description

spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.

Remediation

References

CVE-2008-5153

Related Vulnerabilities

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3579)

Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3177)

WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)

WordPress 4.1.x PHP Object Injection (4.1 - 4.1.32)

Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2022-37783)

Severity

Medium

Classification

CVE-2008-5153 CWE-59

Tags

Missing Update Known Vulnerabilities