mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-07-29T10:00:00
Updated: 2024-08-06T10:50:16.801Z
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3543
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-07-29T11:10:31.777
Modified: 2020-12-01T14:54:45.183
Link: CVE-2014-3543
Redhat
No data.