Home > Vulnerability Database > CVE-2014-0216

Mend.io Vulnerability Database

CVE-2014-0216

Date: May 26, 2014

The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.

Language: PHP

Severity Score

5.3

Related Resources (10)

Url: https://github.com/moodle/moodle/commit/7b9acc77efe06f7be7070032b05c3159e0a6d415

Url: http://openwall.com/lists/oss-security/2014/05/19/1

Url: https://github.com/moodle/moodle/commit/40ad22fdd0d9ed569b2ad0ff6ad02814bfa014b8

Url: https://github.com/moodle/moodle/commit/568514ee7f7e994f61e7a44356fe89d0dd18c157

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-0216

Url: https://github.com/moodle/moodle

Url: https://github.com/moodle/moodle/commit/b04bf988ef47f8fa65dd08ce936ecb774d5d76bd

Url: https://moodle.org/mod/forum/discuss.php?d=260364

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877

Url: https://www.mend.io/vulnerability-database/CVE-2014-0216

Severity Score

5.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-0216

Date: May 26, 2014

Language: PHP

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?