CVE-2014-3543

Опубликовано: 29 июл. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 2.3.11 (включая)

cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.3.10:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.4.10:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00427

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-3543

ubuntu

около 11 лет назад

CVE-2014-3543

debian

около 11 лет назад

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...

GHSA-27j2-c838-c3qg

github

больше 3 лет назад

Moodle Arbitrary File Read via XML External Entity vulnerability

EPSS

Процентиль: 62%

0.00427

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200