CVE-2012-4407
Moodle 2.1.x-2.1.8, 2.2.x-2.2.5, 2.3.x-2.3.2 - Unauthenticated Sensitive Information Exposure via Blog File Reference
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file.
References (3)
Mailing List (x_refsource_mlist): http://openwall.com/lists/oss-security/2012/09/17/1
Vendor Advisory (x_refsource_confirm): http://moodle.org/mod/forum/discuss.php?d=211557
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585
Scores
EPSS: 0.0028
EPSS Percentile: 51.7%
Details
CWE: CWE-200
Status: published
Products (15)
moodle/moodle 2.1.0
moodle/moodle 2.1.1
moodle/moodle 2.1.2
moodle/moodle 2.1.3
moodle/moodle 2.1.4
moodle/moodle 2.1.5
moodle/moodle 2.1.6
moodle/moodle 2.1.7
moodle/moodle 2.2.0
moodle/moodle 2.2.1
... and 5 more
Published: Sep 19, 2012
Tracked Since: Feb 18, 2026