Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2014-3543 - Vulnerability Database
Moodle

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2014-3543

Medium
Reference: CVE-2014-3543
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-3543
Title: Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

mod/imscp/locallib.php in Moodle through 2.3.11 2.4.x before 2.4.11 2.5.x before 2.5.7 2.6.x before 2.6.4 and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.