Vulnerability Database

290,301

Total vulnerabilities in the database

CVE-2012-4407

lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file.

  • Published: Sep 19, 2012
  • Updated: Apr 13, 2023
  • CVE: CVE-2012-4407
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
moodle / moodle 2.1.2 2.1.2.x
moodle / moodle 2.1.1 2.1.1.x
moodle / moodle 2.1.5 2.1.5.x
moodle / moodle 2.1.6 2.1.6.x
moodle / moodle 2.1.3 2.1.3.x
moodle / moodle 2.1.7 2.1.7.x
moodle / moodle 2.1.4 2.1.4.x
moodle / moodle 2.1.0 2.1.0.x
moodle / moodle 2.2.2 2.2.2.x
moodle / moodle 2.2.1 2.2.1.x
moodle / moodle 2.2.3 2.2.3.x
moodle / moodle 2.2.4 2.2.4.x
moodle / moodle 2.2.0 2.2.0.x
moodle / moodle 2.3.1 2.3.1.x
moodle / moodle 2.3.0 2.3.0.x