![icon](https://www.mend.io/vulnerability-database/wp-content/themes/whitesource/img/search_cube.png)
We found results for “”
CVE-2022-35650
Good to know:
![A fix is available icon](https://www.mend.io/vulnerability-database//wp-content/themes/whitesource/img/icon2.png)
Date: July 25, 2022
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
Language: PHP
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Input Validation
CWE-20Top Fix
![icon](https://www.mend.io/vulnerability-database//wp-content/themes/whitesource/img/sec5.png)
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |