Lucene search
Veracode Vulnerability DatabaseVERACODE:4531HistoryJul 05, 2017 - 7:41 a.m.
XML External Entity (XXE) Injection
2017-07-0507:41:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
EPSS
0.003
Percentile
70.3%
Moodle is susceptible to XML external entity (XXE) injection attacks. The attacks exist because mod/imscp/locallib.php does not filter the input XML files to the IMSCC course format or the IMSCP resource, thereby allowing attackers to input malicious XML files and read server-side files.
Related
github
github
Moodle Arbitrary File Read via XML External Entity vulnerability
2022-05-13 01:12:40
ubuntucve
ubuntucve
CVE-2014-3543
2014-07-29 00:00:00
prion
prion
Xxe
2014-07-29 11:10:00
nvd
nvd
CVE-2014-3543
2014-07-29 11:10:31
cvelist
cvelist
CVE-2014-3543
2014-07-29 10:00:00
osv
osv
Moodle Arbitrary File Read via XML External Entity vulnerability
2022-05-13 01:12:40
cve
cve
CVE-2014-3543
2014-07-29 11:10:31
nessus
nessus
Moodle < 2.4 / 2.4.x < 2.4.11 / 2.5.x < 2.5.7 / 2.6.x < 2.6.4 / 2.7.x < 2.7.1 Multiple Vulnerabilities
2015-04-20 00:00:00
Fedora 20 : moodle-2.5.7-1.fc20 (2014-8601)
2014-07-31 00:00:00
Fedora 19 : moodle-2.4.11-1.fc19 (2014-8609)
2014-07-31 00:00:00
mageia
mageia
Updated moodle package fixes security vulnerabilities
2014-08-06 00:08:48
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0308)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2014-10802
2014-10-01 00:00:00
Fedora Update for moodle FEDORA-2014-15102
2014-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: moodle-2.5.9-1.fc20
2014-11-25 15:30:01
[SECURITY] Fedora 19 Update: moodle-2.4.11-1.fc19
2014-07-30 06:59:58
[SECURITY] Fedora 20 Update: moodle-2.5.7-1.fc20
2014-07-30 07:03:13