CVE-2022-35650

CVE Database · CVE-2022-35650

CVE-2022-35650

· HIGHModified

CVSS v3.1

7.5

EPSS

49.10%

Published

Jul 25, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-22CWE-20

Affected Products (5)

moodle · moodle (up to 3.9.15)vulnerable

moodle · moodle (up to 3.11.8)vulnerable

moodle · moodle (up to 4.0.2)vulnerable

fedoraproject · fedoravulnerable

References (10)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029

PatchVendor Advisory