First published: Sun Jan 27 2013(Updated: )
The moodle1 backup converter in `backup/converter/moodle1/lib.php` in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
=2.1.0 | ||
=2.1.1 | ||
=2.1.2 | ||
=2.1.3 | ||
=2.1.4 | ||
=2.1.5 | ||
=2.1.6 | ||
=2.1.7 | ||
=2.1.8 | ||
=2.1.9 | ||
=2.2.0 | ||
=2.2.1 | ||
=2.2.2 | ||
=2.2.3 | ||
=2.2.4 | ||
=2.2.5 | ||
=2.2.6 | ||
=2.3.0 | ||
=2.3.1 | ||
=2.3.2 | ||
=2.3.3 | ||
=2.4.0 | ||
Moodle Moodle | =2.1.0 | |
Moodle Moodle | =2.1.1 | |
Moodle Moodle | =2.1.2 | |
Moodle Moodle | =2.1.3 | |
Moodle Moodle | =2.1.4 | |
Moodle Moodle | =2.1.5 | |
Moodle Moodle | =2.1.6 | |
Moodle Moodle | =2.1.7 | |
Moodle Moodle | =2.1.8 | |
Moodle Moodle | =2.1.9 | |
Moodle Moodle | =2.2.0 | |
Moodle Moodle | =2.2.1 | |
Moodle Moodle | =2.2.2 | |
Moodle Moodle | =2.2.3 | |
Moodle Moodle | =2.2.4 | |
Moodle Moodle | =2.2.5 | |
Moodle Moodle | =2.2.6 | |
Moodle Moodle | =2.3.0 | |
Moodle Moodle | =2.3.1 | |
Moodle Moodle | =2.3.2 | |
Moodle Moodle | =2.3.3 | |
Moodle Moodle | =2.4.0 | |
composer/moodle/moodle | >=2.1<=2.1.9 | 2.1.10 |
composer/moodle/moodle | >=2.2<=2.2.6 | 2.2.7 |
composer/moodle/moodle | >=2.3<=2.3.3 | 2.3.4 |
composer/moodle/moodle | =2.4 | 2.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.