CVE-2012-6099
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
El convertidor de copia de seguridad "moodle1" en backup/converter/moodle1/lib.php de Moodle v2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 no valida correctamente las rutas, lo que permite a usuarios remotos autentificados leer ficheros arbitrarios aprovechándose de la funcionalidad de restauración de copias de seguridad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-06 CVE Reserved
- 2013-01-27 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977 | X_refsource_confirm | |
| http://openwall.com/lists/oss-security/2013/01/21/1 | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://moodle.org/mod/forum/discuss.php?d=220160 | 2020-12-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.0 Search vendor "Moodle" for product "Moodle" and version "2.1.0" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.1 Search vendor "Moodle" for product "Moodle" and version "2.1.1" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.2 Search vendor "Moodle" for product "Moodle" and version "2.1.2" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.3 Search vendor "Moodle" for product "Moodle" and version "2.1.3" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.4 Search vendor "Moodle" for product "Moodle" and version "2.1.4" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.5 Search vendor "Moodle" for product "Moodle" and version "2.1.5" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.6 Search vendor "Moodle" for product "Moodle" and version "2.1.6" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.7 Search vendor "Moodle" for product "Moodle" and version "2.1.7" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.8 Search vendor "Moodle" for product "Moodle" and version "2.1.8" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.1.9 Search vendor "Moodle" for product "Moodle" and version "2.1.9" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.2.0 Search vendor "Moodle" for product "Moodle" and version "2.2.0" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.2.1 Search vendor "Moodle" for product "Moodle" and version "2.2.1" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.2.2 Search vendor "Moodle" for product "Moodle" and version "2.2.2" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.2.3 Search vendor "Moodle" for product "Moodle" and version "2.2.3" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.2.4 Search vendor "Moodle" for product "Moodle" and version "2.2.4" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.2.5 Search vendor "Moodle" for product "Moodle" and version "2.2.5" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.2.6 Search vendor "Moodle" for product "Moodle" and version "2.2.6" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.3.0 Search vendor "Moodle" for product "Moodle" and version "2.3.0" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.3.1 Search vendor "Moodle" for product "Moodle" and version "2.3.1" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.3.2 Search vendor "Moodle" for product "Moodle" and version "2.3.2" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.3.3 Search vendor "Moodle" for product "Moodle" and version "2.3.3" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | 2.4.0 Search vendor "Moodle" for product "Moodle" and version "2.4.0" | - |
Affected
| ||||||