CVE-2012-3390 — Vulnetix

CVE-2012-3390 REJECTED

lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block.

EPSS 0.25% · 48.7th percentile

Risk Scores

EPSS Score

0.25%

48.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	moodle	0, 2.5.2-1, 2.5.3-2

Exploit Intelligence

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d (circl)
49890 (circl)
[oss-security] 20120717 Moodle security notifications public (circl)
54481 (circl)
moodle-pluginfile-sec-bypass(76956) (circl)

Timeline

Jul 20, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2012-3390 third-party-advisory
http://openwall.com/lists/oss-security/2012/07/17/1 third-party-advisory
http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2012-3390 third-party-advisory

Open in Interactive Console →