CVE-2015-3181

Опубликовано: 01 июн. 2015

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 2.5.9 (включая)

cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2015-3181

ubuntu

около 10 лет назад

CVE-2015-3181

debian

около 10 лет назад

files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2. ...

GHSA-622h-cjgg-5mx6

github

больше 3 лет назад

Moodle allows attackers to bypass file-management restrictions

BDU:2015-10894

fstec

около 10 лет назад

Уязвимость системы управления обучением Мoodle, позволяющая нарушителю обойти ограничения доступа к управлению файлами

EPSS

Процентиль: 55%

0.00328

Низкий

4 Medium

CVSS2

Дефекты

CWE-264