The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 2.1.1 |
||
moodle moodle 2.1.8 |
||
moodle moodle 2.1.3 |
||
moodle moodle 2.1.0 |
||
moodle moodle 2.1.5 |
||
moodle moodle 2.1.4 |
||
moodle moodle 2.1.6 |
||
moodle moodle 2.1.2 |
||
moodle moodle 2.1.7 |
||
moodle moodle 2.1.9 |
||
moodle moodle 2.2.4 |
||
moodle moodle 2.2.5 |
||
moodle moodle 2.2.0 |
||
moodle moodle 2.2.3 |
||
moodle moodle 2.2.2 |
||
moodle moodle 2.2.1 |
||
moodle moodle 2.2.6 |
||
moodle moodle 2.3.2 |
||
moodle moodle 2.3.3 |
||
moodle moodle 2.3.1 |
||
moodle moodle 2.3.0 |
||
moodle moodle 2.4.0 |