Arbitrary File Read Affecting moodle/moodle package, versions <3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
Snyk CVSS
Attack Complexity
Low
Privileges Required
High
Confidentiality
High
Threat Intelligence
EPSS
0.07% (28th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-MOODLEMOODLE-2359045
- published 23 Jan 2022
- disclosed 23 Jan 2022
- credit raisin_bugbounty
Introduced: 23 Jan 2022
CVE-2021-40694 Open this link in a new tabHow to fix?
Upgrade moodle/moodle
to version 3.9.10, 3.10.7, 3.11.3 or higher.
Overview
moodle/moodle is a learning platform.
Affected versions of this package are vulnerable to Arbitrary File Read via insufficient escaping of the LaTeX preamble. Site administrators are able to read files available to the HTTP server system account.