GHSA-x7r4-26m9-hmgq, CVE-2008-5153
packagist/moodle/moodle
Improper Link Resolution Before File Access ('Link Following')
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
All versions starting from 1.6.0 before 1.6.9, all versions starting from 1.7.0 before 1.7.7, all versions starting from 1.8.0 before 1.8.8, all versions starting from 1.9.0 before 1.9.4
Upgrade to versions 1.8.8, 1.9.4, 1.6.9, 1.7.7 or above.
2024-02-20
source |