Home > Vulnerability Database > CVE-2014-3542

Mend.io Vulnerability Database

CVE-2014-3542

Date: July 29, 2014

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Language: PHP

Severity Score

3.7

Related Resources (7)

Url: https://moodle.org/mod/forum/discuss.php?d=264263

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463

Url: https://github.com/moodle/moodle/commit/78ed99ec7e5e75b283e844adb058140d6ba0ff14

Url: https://github.com/moodle/moodle

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-3542

Url: http://openwall.com/lists/oss-security/2014/07/21/1

Url: https://www.mend.io/vulnerability-database/CVE-2014-3542

Severity Score

3.7

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-3542

Date: July 29, 2014

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?