Improper Input Validation
The vulnerability was found in Moodle prior to 3.9.15, 3.10.x, 3.11.x prior to 3.11.8, 4.0.x prior to 4.0.2, occur due to input validation errors when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers, and admins by default.
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.