CVE-2012-3387 in Moodleinfo

Summary

Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.

Be aware that VulDB is the high quality source for vulnerability data.

Responsible

Reservation

06/14/2012

Disclosure

07/23/2012

Moderation

VulDB entry created

Entries

VDB-61388

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

4.3

EPSS

0.00198

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3387
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3387
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3387/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!