Description
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
Remediation
References