CVE-2023-28330

Moodle arbitrary file read vulnerability in packagist/moodle/moodle

Identifiers

CVE-2023-28330, GHSA-56r9-72vx-q989

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle arbitrary file read vulnerability

Description

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

Affected Versions

All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2

Solution

Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.

Last Modified

2023-03-24

source