CVE-2022-35650
published 2022-07-25
CVE-2022-35650: The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary…
Priority P263 · high · CVSS 3.1: 7.5
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 49.10% (98.7th percentile)
A vulnerability was found in Moodle, caused by an input validation error when importing lesson questions. Insufficient path checks result in an arbitrary file read risk. The vulnerability allows a remote attacker to perform directory traversal attacks. By default, the capability to access this feature is available only to teachers, managers and admins.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| moodle | moodle | — | — |
| moodle | moodle | >= 3.11 < 3.11.8 | 3.11.8 |
| moodle | moodle | >= 3.11.0 < 3.11.8 | 3.11.8 |
| moodle | moodle | >= 3.9 < 3.9.15 | 3.9.15 |
| moodle | moodle | >= 3.9.0 < 3.9.15 | 3.9.15 |
| moodle | moodle | >= 4.0 < 4.0.2 | 4.0.2 |
| moodle | moodle | >= 4.0.0 < 4.0.2 | 4.0.2 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv · 7.5 HIGH
OSV
Moodle Arbitrary file read when importing lesson questions
osv·2022-07-26
CVE-2022-35650 [HIGH] Moodle Arbitrary file read when importing lesson questions
GHSA
Moodle Arbitrary file read when importing lesson questions
ghsa·2022-07-26
CVE-2022-35650 [HIGH] CWE-20 Moodle Arbitrary file read when importing lesson questions
OSV
CVE-2022-35650: The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions
osv·2022-07-25·CVSS 7.5
CVE-2022-35650 [HIGH] CVE-2022-35650: The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029
https://bugzilla.redhat.com/show_bug.cgi?id=2106274
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
https://moodle.org/mod/forum/discuss.php?d=436457
Published: 2022-07-25