Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6099

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-6099
Last Modified 28 Jan 2013 12:00:00
Published 27 Jan 2013 05:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-6099

Summary

The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.

Vulnerable Systems

Application

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.2

  • Moodle 2.1.3

  • Moodle 2.1.4

  • Moodle 2.1.5

  • Moodle 2.1.6

  • Moodle 2.1.7

  • Moodle 2.1.8

  • Moodle 2.1.9

  • Moodle 2.2

  • Moodle 2.2.1

  • Moodle 2.2.2

  • Moodle 2.2.3

  • Moodle 2.2.4

  • Moodle 2.2.5

  • Moodle 2.2.6

  • Moodle 2.3

  • Moodle 2.3.1

  • Moodle 2.3.2

  • Moodle 2.3.3

  • Moodle 2.4


References

CONFIRM - https://moodle.org/mod/forum/discuss.php?d=220160

MLIST - [oss-security] 20130121 Moodle security notifications public

CONFIRM - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977


Last Updated: 27 May 2016 11:01:44