cbcvebase.
CVE-2022-35650
published 2022-07-25

Priority: P263, high
CVSS 3.1: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
EPSS: 49.10% (98.7th percentile)

A vulnerability was found in Moodle, caused by an input validation error when importing lesson questions. Insufficient path checks result in an arbitrary file read risk. The vulnerability allows a remote attacker to perform directory traversal attacks. By default, the capability to access this feature is only available to teachers, managers and admins.

Affected

9 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| moodle | moodle | | |
| moodle | moodle | >= 3.11 < 3.11.8 | 3.11.8 |
| moodle | moodle | >= 3.11.0 < 3.11.8 | 3.11.8 |
| moodle | moodle | >= 3.9 < 3.9.15 | 3.9.15 |
| moodle | moodle | >= 3.9.0 < 3.9.15 | 3.9.15 |
| moodle | moodle | >= 4.0 < 4.0.2 | 4.0.2 |
| moodle | moodle | >= 4.0.0 < 4.0.2 | 4.0.2 |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv: 7.5 HIGH