CVE-2012-6099: Improper Input Validation
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
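An added example (not Moodle's code and not the patch in the commits listed under References) of the kind of pathname validation the description says was missing: a pathname taken from an uploaded backup is accepted only if it resolves to a regular file under the directory the backup was extracted into. The function name `resolve_backup_path`, the directory layout and the sample files are assumptions constructed for illustration.

```php
<?php
/**
 * Resolve a pathname read from untrusted backup metadata against the
 * extraction directory, rejecting anything that resolves outside it.
 * Hypothetical helper; not part of Moodle.
 */
function resolve_backup_path(string $basedir, string $untrusted): string {
    $base = realpath($basedir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('backup directory missing');
    }
    if ($untrusted === '' || strpos($untrusted, "\0") !== false) {
        throw new InvalidArgumentException('empty pathname or NUL byte');
    }
    // realpath() collapses "..", "." and symlinks; false means no such file.
    $full = realpath($base . DIRECTORY_SEPARATOR . $untrusted);
    if ($full === false || !is_file($full)) {
        throw new InvalidArgumentException('not a file inside the backup');
    }
    // Compare with a trailing separator so "/x/backup2" cannot pass as "/x/backup".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('pathname escapes the backup directory');
    }
    return $full;
}

// Constructed demo data: an "extracted backup" holding one legitimate file,
// a file outside it, and a symlink inside it that points outside.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bk_' . bin2hex(random_bytes(4));
mkdir($root . '/backup/course_files', 0700, true);
file_put_contents($root . '/backup/course_files/notes.txt', 'ok');
file_put_contents($root . '/secret.txt', 'outside');
@symlink($root . '/secret.txt', $root . '/backup/link.txt'); // may fail on Windows

$candidates = ['course_files/notes.txt', '../secret.txt', 'link.txt', $root . '/secret.txt'];
foreach ($candidates as $p) {
    try {
        printf("ALLOW  %s => %s\n", $p, resolve_backup_path($root . '/backup', $p));
    } catch (Exception $e) {
        printf("REJECT %s (%s)\n", $p, $e->getMessage());
    }
}
```

Only the first candidate is allowed. The symlink case is why the comparison is made on the resolved path rather than on the string as supplied.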
References
- git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977
- openwall.com/lists/oss-security/2013/01/21/1
- github.com/advisories/GHSA-cr78-rphw-w73p
- github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10
- github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44
- moodle.org/mod/forum/discuss.php?d=220160
- nvd.nist.gov/vuln/detail/CVE-2012-6099