Description

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

CVE-2014-3542

Related Vulnerabilities

PHP Other Vulnerability (CVE-2003-0097)

WebLogic CVE-2022-21252 Vulnerability (CVE-2022-21252)

WordPress Plugin Booking Calendar Cross-Site Request Forgery (9.2.1)

MySQL CVE-2015-4890 Vulnerability (CVE-2015-4890)

Dolibarr Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-4197)

Severity

Medium

Classification

CVE-2014-3542 CWE-200

Tags

Missing Update Known Vulnerabilities