Skip to main content

Improper Input Validation

CVE-2022-35650

Severity High
Score 7.5/10

Summary

The vulnerability was found in Moodle prior to 3.9.15, 3.10.x, 3.11.x prior to 3.11.8, 4.0.x prior to 4.0.2, occur due to input validation errors when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers, and admins by default.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Advisory Timeline

  • Published