Description

Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

Remediation

References

CVE-2013-4524

Related Vulnerabilities

Oracle JRE CVE-2013-2473 Vulnerability (CVE-2013-2473)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33507)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43716)

PHP NULL Pointer Dereference Vulnerability (CVE-2018-19395)

WordPress Plugin Theme Blvd Sliders Multiple Security Bypass Vulnerabilities (1.2.3)

Severity

Medium

Classification

CVE-2013-4524 CWE-22

Tags

Missing Update Known Vulnerabilities