CVE-2014-3542
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| Software | From | Fixed in |
|---|---|---|
moodle / moodle
|
2.7.0 | 2.7.0.x |
|
moodle / moodle
|
2.6.1 | 2.6.1.x |
|
moodle / moodle
|
2.6.2 | 2.6.2.x |
|
moodle / moodle
|
2.6.3 | 2.6.3.x |
|
moodle / moodle
|
2.6.0 | 2.6.0.x |
|
moodle / moodle
|
2.3.8 | 2.3.8.x |
|
moodle / moodle
|
2.3.4 | 2.3.4.x |
|
moodle / moodle
|
2.3.1 | 2.3.1.x |
|
moodle / moodle
|
2.3.6 | 2.3.6.x |
|
moodle / moodle
|
2.3.10 | 2.3.10.x |
|
moodle / moodle
|
2.3.5 | 2.3.5.x |
|
moodle / moodle
|
2.3.3 | 2.3.3.x |
|
moodle / moodle
|
- | 2.3.11.x |
|
moodle / moodle
|
2.3.7 | 2.3.7.x |
|
moodle / moodle
|
2.3.2 | 2.3.2.x |
|
moodle / moodle
|
2.3.9 | 2.3.9.x |
|
moodle / moodle
|
2.3.0 | 2.3.0.x |
|
moodle / moodle
|
2.4.3 | 2.4.3.x |
|
moodle / moodle
|
2.4.1 | 2.4.1.x |
|
moodle / moodle
|
2.4.9 | 2.4.9.x |
|
moodle / moodle
|
2.4.2 | 2.4.2.x |
|
moodle / moodle
|
2.4.6 | 2.4.6.x |
|
moodle / moodle
|
2.4.4 | 2.4.4.x |
|
moodle / moodle
|
2.4.7 | 2.4.7.x |
|
moodle / moodle
|
2.4.5 | 2.4.5.x |
|
moodle / moodle
|
2.4.8 | 2.4.8.x |
|
moodle / moodle
|
2.4.10 | 2.4.10.x |
|
moodle / moodle
|
2.4.0 | 2.4.0.x |
|
moodle / moodle
|
2.5.1 | 2.5.1.x |
|
moodle / moodle
|
2.5.3 | 2.5.3.x |
|
moodle / moodle
|
2.5.5 | 2.5.5.x |
|
moodle / moodle
|
2.5.2 | 2.5.2.x |
|
moodle / moodle
|
2.5.6 | 2.5.6.x |
|
moodle / moodle
|
2.5.4 | 2.5.4.x |
|
moodle / moodle
|
2.5.0 | 2.5.0.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime