CVE-2022-35650 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-35650

CVE-2022-35650

July 25, 2022

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

Related Resources (9)

https://nvd.nist.gov/vuln/detail/CVE-2022-35650

https://moodle.org/mod/forum/discuss.php?d=436457

https://bugzilla.redhat.com/show_bug.cgi?id=2106274

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3

https://github.com/moodle/moodle

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/

Do you need more information?

CVSS v4