mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-07-29T10:00:00
Updated: 2024-08-06T10:50:17.162Z
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3542
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-07-29T11:10:31.743
Modified: 2020-12-01T14:54:45.183
Link: CVE-2014-3542
Redhat
No data.