Moodle: Improper Input Validation (CVE-2022-35650)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jul 25, 2022 | Aug 3, 2022 | Jan 28, 2025 |
Description
This vulnerability in Moodle is caused by an input validation error when importing lesson questions. The insufficient path checks result in an arbitrary file read risk, which allows a remote attacker to perform directory traversal attacks. By default, the capability to access this feature is available only to teachers, managers and admins.
Solutions
- moodle-upgrade-3_11_8
- moodle-upgrade-3_9_15
- moodle-upgrade-4_0_2
References
- CVE-2022-35650
- https://attackerkb.com/topics/CVE-2022-35650
- URL-http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2106274
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
- URL-https://moodle.org/mod/forum/discuss.php?d=436457