Description

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

Remediation

References

CVE-2022-35650

Related Vulnerabilities

PleskLin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35976)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1407)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.6)

WordPress Plugin Contact Form 7 Database Addon-CFDB7 CSV Injection (1.2.5.5)

Joomla CVE-2009-3945 Vulnerability (CVE-2009-3945)

Severity

High

Classification

CVE-2022-35650 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities