Home > Vulnerability Database > CVE-2015-2267

Mend.io Vulnerability Database

CVE-2015-2267

Date: June 1, 2015

mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.

Language: PHP

Severity Score

4.3

Related Resources (16)

Url: https://github.com/moodle/moodle/commit/de169b7944e36d374d55e3f396d90ab2b4303afb

Url: https://moodle.org/mod/forum/discuss.php?d=307381

Url: https://github.com/moodle/moodle/commit/4475f1e478370fb97933127ec60e40f39e285da1

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087

Url: https://github.com/moodle/moodle/commit/a47aabc7833d0c88a83791d99a1204742c33f59b

Url: https://github.com/moodle/moodle/commit/240e7be7341afa31096fdbf3f242a7966f6237ab

Url: https://github.com/moodle/moodle/commit/83866c3c2a5b1391317172eea0b4f017c6d142d2

Url: https://github.com/moodle/moodle/commit/12a8fcb5e45c58ee8267ad0472852c2b80a19878

Url: https://github.com/moodle/moodle/commit/8d9bdd28e049ca6b6b2a4ab8f142097c2f907df6

Url: http://openwall.com/lists/oss-security/2015/03/16/1

Url: https://github.com/moodle/moodle

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-2267

Url: https://github.com/moodle/moodle/commit/76da7e9bc88669eab62f83f04639ba356a0b0c5a

Url: https://github.com/moodle/moodle/commit/84f9f60b67e1e20058fbe2afa473607d075aff63

Url: https://github.com/moodle/moodle/commit/c353a6202658f320096a41e94494063393153b7f

Url: https://www.mend.io/vulnerability-database/CVE-2015-2267

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-2267

Date: June 1, 2015

Language: PHP

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?