Endpoint Vulnerability

Moodle: Directory Traversal Attack possible through some files serving JS

Description

Parameter 'file' passed to scripts serving JS was not always cleaned from including '../' in the path, allowing to read files located outside of moodle directory. All OS are affected but especially vulnerable are Windows servers

Affected Products

Moodle

References

CVE-2015-1493,