Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2014-3542 - Vulnerability Database
Moodle

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2014-3542

Medium
Reference: CVE-2014-3542
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-3542
Title: Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

mod/lti/service.php in Moodle through 2.3.11 2.4.x before 2.4.11 2.5.x before 2.5.7 2.6.x before 2.6.4 and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference related to an XML External Entity (XXE) issue.