Moodle CVE-2015-1493 Path Traversal Vulnerability

description-logoDescription

Parameter "file" passed to scripts serving JS was not always cleaned from including "../" in the path, allowing to read files located outside of moodle directory. All OS are affected but especially vulnerable are Windows servers

affected-products-logoAffected Applications

Moodle

CVE References

CVE-2015-1493