The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
Max CVSS
7.5
EPSS Score
0.29%
Published
2022-07-25
Updated
2022-12-21
Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts.
Max CVSS
6.8
EPSS Score
0.18%
Published
2015-06-01
Updated
2020-12-01
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.
Max CVSS
6.8
EPSS Score
0.48%
Published
2013-11-26
Updated
2020-12-01
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
Max CVSS
5.0
EPSS Score
0.32%
Published
2004-12-31
Updated
2020-12-01
4 vulnerabilities found