Vulnetix
Try Vulnetix Request Demo
CVE-2014-3543 PUBLISHED CVSS 4.300000190734863 MEDIUM

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.

EPSS 0.43% · 62.2th percentile

Risk Scores

CVSS v2.0
4.300000190734863
EPSS Score
0.43%
62.2th percentile

Affected Products

VendorProductVersions
n/an/an/a
moodlemoodle2.7.0, 2.7.0, 2.6.0
moodlemoodle0, 2.3.0, 2.3.1

Timeline

References

Open in Interactive Console →