icon

We found results for “

CVE-2015-1493

Good to know:

icon

Date: June 1, 2015

Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts.

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version 2.6.8,2.7.5,2.8.3

Learn More

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): COMPLETE
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us