First published: Tue Nov 18 2008(Updated: )
`spell-check-logic.cgi` in Moodle 1.9 before 1.9.4, 1.8 before 1.8.8, 1.7 before 1.7.7 and 1.6 before 1.6.9 allows local users to overwrite arbitrary files via a symlink attack on the (1) `/tmp/spell-check-debug.log`, (2) `/tmp/spell-check-before`, or (3) `/tmp/spell-check-after` temporary file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | =1.8.2 | |
composer/moodle/moodle | >=1.6.0<1.6.9 | 1.6.9 |
composer/moodle/moodle | >=1.7.0<1.7.7 | 1.7.7 |
composer/moodle/moodle | >=1.8.0<1.8.8 | 1.8.8 |
composer/moodle/moodle | >=1.9.0<1.9.4 | 1.9.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.