EPSS
Percentile
70.3%
Moodle is vulnerable to XML external entity (XXE) attacks. A malicious user can pass an XML file to the application through a LTI server to cause an XXE attack, allowing the user to read arbitrary files.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
openwall.com/lists/oss-security/2014/07/21/1
moodle.org/mod/forum/discuss.php?d=264263