Description
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
Remediation
References
Related Vulnerabilities
lightbox2 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9441)
WordPress Plugin Dbox 3D Slider Lite SQL Injection (1.2.2)
WordPress Plugin BSK PDF Manager Multiple Cross-Site Scripting Vulnerabilities (1.3)
MySQL CVE-2017-3329 Vulnerability (CVE-2017-3329)
WordPress Plugin WordPress prettyPhoto Cross-Site Scripting (1.1)