CVE-2008-5153

Improper Link Resolution Before File Access ('Link Following') in packagist/moodle/moodle

Identifiers

GHSA-x7r4-26m9-hmgq, CVE-2008-5153

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Link Resolution Before File Access ('Link Following')

Description

spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
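As a defensive illustration of the flaw described above, the following added example (not Moodle's code and not the upstream fix) audits the three fixed names for symlinks and shows two hardened ways to open such files. The function names and the directory parameter are assumptions made for this sketch; only the three file names come from the advisory.

```python
import os
import stat
import tempfile

# File names come from the advisory; the directory is a parameter so the
# check can run against a scratch directory as well as the real /tmp.
FIXED_NAMES = ("spell-check-debug.log", "spell-check-before", "spell-check-after")


def audit_fixed_paths(directory="/tmp"):
    """Return {name: finding} for each fixed name that is a symlink or foreign-owned."""
    findings = {}
    for name in FIXED_NAMES:
        path = os.path.join(directory, name)
        try:
            st = os.lstat(path)  # lstat inspects the link itself, not its target
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            findings[name] = "symlink -> " + os.readlink(path)
        elif st.st_uid != os.geteuid():
            findings[name] = "owned by uid %d" % st.st_uid
    return findings


def open_log_no_follow(path):
    """Open an append-only log at a fixed path without following a symlink."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # fails if the last path component is a symlink
    st = os.fstat(fd)  # check the object actually opened, not the name
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid() or st.st_nlink != 1:
        os.close(fd)
        raise PermissionError("refusing to write to unsafe file: " + path)
    return fd


def private_scratch_file(directory=None, prefix="spell-check-"):
    """Preferred for the before/after files: random name, O_EXCL, mode 0600."""
    return tempfile.mkstemp(prefix=prefix, dir=directory)
```

A non-empty result from `audit_fixed_paths()` on a shared host running an affected version is worth investigating before the web server next writes to those names.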

Affected Versions

All versions starting from 1.6.0 before 1.6.9, all versions starting from 1.7.0 before 1.7.7, all versions starting from 1.8.0 before 1.8.8, all versions starting from 1.9.0 before 1.9.4

Solution

Upgrade to versions 1.8.8, 1.9.4, 1.6.9, 1.7.7 or above.

Last Modified

2024-02-20
