Home > Vulnerability Database > CVE-2022-35650

Mend.io Vulnerability Database

CVE-2022-35650

Good to know:

Date: July 25, 2022

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

Language: PHP

Severity Score

7.5

Related Resources (7)

Url: https://moodle.org/mod/forum/discuss.php?d=436457

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-35650

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2106274

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/

Url: https://www.mend.io/vulnerability-database/CVE-2022-35650

Severity Score

7.5

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version v3.9.15,v3.11.8,v4.0.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-35650

Good to know:

Date: July 25, 2022

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?