What is CVE-2016-8642?

CVE-2016-8642 is a vulnerability in Moodle versions 2.x and 3.x where the question engine improperly allows access to restricted files.

What severity level is associated with CVE-2016-8642?

CVE-2016-8642 has been rated as a medium severity vulnerability.

To fix CVE-2016-8642, it is recommended to upgrade Moodle to the latest version where the vulnerability has been addressed.

CVE-2016-8642 affects Moodle versions 2.7.16 and earlier, and specific 2.8.x versions up to 2.9.8.

CVE-2016-8642 can be exploited by attackers who have certain access levels, making it a significant risk if proper access controls are not enforced.

5.3

CWE

284

20/1/2017

13/5/2022

6/8/2024

First published: Fri Jan 20 2017(Updated: )

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.

Credit: secalert@redhat.com

What is CVE-2016-8642?
CVE-2016-8642 is a vulnerability in Moodle versions 2.x and 3.x where the question engine improperly allows access to restricted files.
What severity level is associated with CVE-2016-8642?
CVE-2016-8642 has been rated as a medium severity vulnerability.
How do I fix CVE-2016-8642?
To fix CVE-2016-8642, it is recommended to upgrade Moodle to the latest version where the vulnerability has been addressed.
Which versions of Moodle are affected by CVE-2016-8642?
CVE-2016-8642 affects Moodle versions 2.7.16 and earlier, and specific 2.8.x versions up to 2.9.8.
Is CVE-2016-8642 easy to exploit?
CVE-2016-8642 can be exploited by attackers who have certain access levels, making it a significant risk if proper access controls are not enforced.