CVE-2014-3542 — Vulnetix

CVE-2014-3542 PUBLISHED CVSS 4.300000190734863 MEDIUM

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

EPSS 0.43% · 62.8th percentile

Risk Scores

CVSS 2.0

4.300000190734863

EPSS Score

0.43%

62.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
moodle	moodle	0, 2.5.0, 2.6.0
moodle	moodle	2.3.3, 2.3.6, 2.3.5

Exploit Intelligence

[oss-security] 20140721 Moodle security notifications public (circl)
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463 (circl)
https://moodle.org/mod/forum/discuss.php?d=264263 (circl)

Timeline

Jul 29, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

[oss-security] 20140721 Moodle security notifications public mailing-list
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463 url
https://moodle.org/mod/forum/discuss.php?d=264263 url
https://nvd.nist.gov/vuln/detail/CVE-2014-3542 advisory
https://github.com/moodle/moodle/commit/78ed99ec7e5e75b283e844adb058140d6ba0ff14 url
https://github.com/moodle/moodle package

Open in Interactive Console →