CVE-2022-35650

Description

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

Related CPE's

a moodle moodle ********

a moodle moodle ********

a moodle moodle ********

o fedoraproject fedora 35 *******

o fedoraproject fedora 36 *******

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2106274

Issue TrackingThird Party Advisory

https://moodle.org/mod/forum/discuss.php?d=436457

Vendor Advisory

FEDORA-2022-81ce74b2dd

Mailing ListThird Party Advisory

FEDORA-2022-7e7ce7df2e

Mailing ListThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io