Описание
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.5.4-1ubuntu1 |
| cosmic | not-affected | 2.5.4-1ubuntu1 |
| devel | not-affected | 2.5.4-1ubuntu1 |
| esm-apps/bionic | not-affected | 2.5.4-1ubuntu1 |
| esm-apps/xenial | not-affected | 2.5.4-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [2.5.4-1ubuntu1]] |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| natty | ignored | end of life |
Показывать по
10
EPSS
Процентиль: 50%
0.00269
Низкий
4 Medium
CVSS2
Связанные уязвимости
nvd
почти 13 лет назад
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.
debian
почти 13 лет назад
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether re ...
EPSS
Процентиль: 50%
0.00269
Низкий
4 Medium
CVSS2