Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-0216

Good to know:

icon

Date: May 26, 2014

The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.

Language: PHP

Severity Score

Related Resources (10)

https://github.com/moodle/moodle/commit/7b9acc77efe06f7be7070032b05c3159e0a6d415
http://openwall.com/lists/oss-security/2014/05/19/1
https://github.com/moodle/moodle/commit/40ad22fdd0d9ed569b2ad0ff6ad02814bfa014b8
https://github.com/moodle/moodle/commit/568514ee7f7e994f61e7a44356fe89d0dd18c157
https://nvd.nist.gov/vuln/detail/CVE-2014-0216
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/b04bf988ef47f8fa65dd08ce936ecb774d5d76bd
https://moodle.org/mod/forum/discuss.php?d=260364
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
https://www.mend.io/vulnerability-database/CVE-2014-0216

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Top Fix

icon

Upgrade Version

Upgrade to version 2.4.10,2.5.6,2.6.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us