CVSS: 4.0EPSS: 0%CPEs: 22EXPL: 0CVE-2012-6099
https://notcve.org/view.php?id=CVE-2012-6099
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. El convertidor de copia de seguridad "moodle1" en backup/converter/moodle1/lib.php de Moodle v2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 no valida correctamente las rutas, lo que permite a usuarios remotos autentificados leer ficheros arbitrarios aprovechándose de la funcionalidad de restauración de copias de seguridad. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220160 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 40EXPL: 0CVE-2012-6098
https://notcve.org/view.php?id=CVE-2012-6098
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. grade/edit/outcome/edit_form.php en Moodle v1.9.x a la v1.9.19, 2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 no maneja adecuadamente los requisitos "moodle/grade:manage capability", lo que permite a usuarios remotos autentificados convertir los resultados personalizados en el estándar de todo el sitio mediante el aprovechamiento de los resultados del rol de profesor y utilizando la funcionalidad de reeditar. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220158 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2012-6104
https://notcve.org/view.php?id=CVE-2012-6104
blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. blog/rsslib.php en Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.1 y antes de v2.4.x , permite a atacantes remotos obtener información sensible de los blogs a nivel de sitio, aprovechando el papel de la huésped y de la lectura un feed RSS. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220165 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0CVE-2012-6105
https://notcve.org/view.php?id=CVE-2012-6105
blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. blog/rsslib.php en Moodle v2.1.x antes de v2.1.10, v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.x antes de v2.4.1 que continúa proporcionando un canal de blog RSS después de blogging se desactive , que permite a atacantes remotos obtener información sensible mediante la lectura de este feed. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37467 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0CVE-2012-6100
https://notcve.org/view.php?id=CVE-2012-6100
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. report/outline/index.php en Moodle v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 o se aplican correctamente el requisito "moodle/user:viewhiddendetails capability", lo que permite a atacantes remotos autentificados descubrir un valor oculto "lastaccess" a través de la lectura del reporte de actividad. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220161 • CWE-264: Permissions, Privileges, and Access Controls •