{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110408?format=json","vulnerability_id":"VCID-t1vq-5b3t-tbfd","summary":"Moodle Arbitrary file read when importing lesson questions\nThe vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.","aliases":[{"alias":"CVE-2022-35650"},{"alias":"GHSA-pgm5-cr62-prxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148982?format=json","purl":"pkg:composer/moodle/moodle@3.9.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.15"},{"url":"http://public2.vulnerablecode.io/api/packages/148981?format=json","purl":"pkg:composer/moodle/moodle@3.11.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.8"},{"url":"http://public2.vulnerablecode.io/api/packages/148980?format=json","purl":"pkg:composer/moodle/moodle@4.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59614?format=json","purl":"pkg:composer/moodle/moodle@3.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-1kfj-2zwf-vbfp"},{"vulnerability":"VCID-2cdg-m3pq-ufe5"},{"vulnerability":"VCID-2jta-hqah-d7cf"},{"vulnerability":"VCID-33ss-gb34-8ke5"},{"vulnerability":"VCID-3cb4-wz6x-ckcd"},{"vulnerability":"VCID-3uvf-6ztd-xkaf"},{"vulnerability":"VCID-42fa-qbft-rfff"},{"vulnerability":"VCID-49gk-ugfy-6bcd"},{"vulnerability":"VCID-4m9g-bu1c-hbec"},{"vulnerability":"VCID-56wj-4124-ryd2"},{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-5rk8-v6bb-6ugh"},{"vulnerability":"VCID-62fw-qwr5-eyc1"},{"vulnerability":"VCID-6m19-4krm-2udd"},{"vulnerability":"VCID-6rc8-bs9z-5bb2"},{"vulnerability":"VCID-86jh-xn5g-kkgc"},{"vulnerability":"VCID-8aat-cy8z-7qb2"},{"vulnerability":"VCID-b994-r5mw-3fbg"},{"vulnerability":"VCID-bbj9-hpz3-xqhh"},{"vulnerability":"VCID-bhfv-dn14-ukfs"},{"vulnerability":"VCID-bju3-sj3y-83e3"},{"vulnerability":"VCID-c14d-1sa2-rkf6"},{"vulnerability":"VCID-c1a1-z5m1-nfbc"},{"vulnerability":"VCID-cp4k-uz4a-ukh6"},{"vulnerability":"VCID-cs5n-4bst-zfcj"},{"vulnerability":"VCID-dpd2-1sqc-qqfy"},{"vulnerability":"VCID-efq2-s2df-pqa1"},{"vulnerability":"VCID-f3b8-bfqu-8qbk"},{"vulnerability":"VCID-fskk-cb95-uqer"},{"vulnerability":"VCID-gepg-y7ud-cuds"},{"vulnerability":"VCID-gnez-ehgq-rfbr"},{"vulnerability":"VCID-gt5j-wemg-17gx"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-j21p-heue-nqd9"},{"vulnerability":"VCID-jcq6-btgz-fkf6"},{"vulnerability":"VCID-jcsq-3q5z-4kc6"},{"vulnerability":"VCID-jsza-gn5n-cfac"},{"vulnerability":"VCID-kjd6-4drf-9ycm"},{"vulnerability":"VCID-mhm4-8kuk-t7b6"},{"vulnerability":"VCID-mkfz-e1ft-2bcw"},{"vulnerability":"VCID-mqde-66zm-qbbj"},{"vulnerability":"VCID-n7d3-j3jn-rqfc"},{"vulnerability":"VCID-nna3-77cm-vbah"},{"vulnerability":"VCID-nntc-dsz1-e3fp"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-pgfa-bkaw-q7cq"},{"vulnerability":"VCID-q8s7-ksru-8ygs"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"},{"vulnerability":"VCID-rqde-qn4c-pfd9"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-sca8-zx4m-sub6"},{"vulnerability":"VCID-t1vq-5b3t-tbfd"},{"vulnerability":"VCID-taab-hupu-huf9"},{"vulnerability":"VCID-u32t-89zc-v3gj"},{"vulnerability":"VCID-ucyr-e6qr-5qe1"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-vj1z-16nw-5khk"},{"vulnerability":"VCID-xh4x-t7he-pufq"},{"vulnerability":"VCID-yenj-fv96-pbd7"},{"vulnerability":"VCID-zf4q-a4cz-y7dh"},{"vulnerability":"VCID-zwkk-zazw-6fgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59618?format=json","purl":"pkg:composer/moodle/moodle@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-1kfj-2zwf-vbfp"},{"vulnerability":"VCID-1wzm-dhqv-43bj"},{"vulnerability":"VCID-233t-s5y8-4yg5"},{"vulnerability":"VCID-24bp-c9yc-gua4"},{"vulnerability":"VCID-2gtq-u4jg-4uck"},{"vulnerability":"VCID-2trf-n9r4-ykgg"},{"vulnerability":"VCID-2z6d-qf96-kyb4"},{"vulnerability":"VCID-33ss-gb34-8ke5"},{"vulnerability":"VCID-3ept-fdps-5fe5"},{"vulnerability":"VCID-49gk-ugfy-6bcd"},{"vulnerability":"VCID-4c9d-jf9g-u3gn"},{"vulnerability":"VCID-4m9g-bu1c-hbec"},{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-5bfe-hk7m-7bh6"},{"vulnerability":"VCID-5q1e-b4e8-jbc8"},{"vulnerability":"VCID-5rk8-v6bb-6ugh"},{"vulnerability":"VCID-62fw-qwr5-eyc1"},{"vulnerability":"VCID-6rc8-bs9z-5bb2"},{"vulnerability":"VCID-7rqc-eepq-43ds"},{"vulnerability":"VCID-7x6e-qege-ufdv"},{"vulnerability":"VCID-86jh-xn5g-kkgc"},{"vulnerability":"VCID-8d9n-ejbb-7fa1"},{"vulnerability":"VCID-9uem-p6k3-nqdb"},{"vulnerability":"VCID-b994-r5mw-3fbg"},{"vulnerability":"VCID-bhfv-dn14-ukfs"},{"vulnerability":"VCID-cbzx-gnhr-pfap"},{"vulnerability":"VCID-cp4k-uz4a-ukh6"},{"vulnerability":"VCID-d8gp-tuxy-3qdf"},{"vulnerability":"VCID-dvrf-62nt-2kdp"},{"vulnerability":"VCID-f3b8-bfqu-8qbk"},{"vulnerability":"VCID-g9f7-787g-vyem"},{"vulnerability":"VCID-gabv-ggbj-ckaj"},{"vulnerability":"VCID-gepg-y7ud-cuds"},{"vulnerability":"VCID-gr4h-n82f-zkg2"},{"vulnerability":"VCID-gt5j-wemg-17gx"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-j21p-heue-nqd9"},{"vulnerability":"VCID-jarn-rtuz-wucq"},{"vulnerability":"VCID-jfsu-ya7r-h3e1"},{"vulnerability":"VCID-jsza-gn5n-cfac"},{"vulnerability":"VCID-kjd6-4drf-9ycm"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-q7va-hwg7-fbb4"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"},{"vulnerability":"VCID-rqde-qn4c-pfd9"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-sca8-zx4m-sub6"},{"vulnerability":"VCID-t1vq-5b3t-tbfd"},{"vulnerability":"VCID-taab-hupu-huf9"},{"vulnerability":"VCID-u32t-89zc-v3gj"},{"vulnerability":"VCID-ucyr-e6qr-5qe1"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-vj1z-16nw-5khk"},{"vulnerability":"VCID-wnaz-fnev-qqhd"},{"vulnerability":"VCID-x1pc-1kuc-kug2"},{"vulnerability":"VCID-xh4x-t7he-pufq"},{"vulnerability":"VCID-yenj-fv96-pbd7"},{"vulnerability":"VCID-yxag-fghx-47ej"},{"vulnerability":"VCID-z29a-xpcq-p7ct"},{"vulnerability":"VCID-zf4q-a4cz-y7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/63984?format=json","purl":"pkg:composer/moodle/moodle@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wzm-dhqv-43bj"},{"vulnerability":"VCID-24bp-c9yc-gua4"},{"vulnerability":"VCID-2trf-n9r4-ykgg"},{"vulnerability":"VCID-2z6d-qf96-kyb4"},{"vulnerability":"VCID-33ss-gb34-8ke5"},{"vulnerability":"VCID-3ept-fdps-5fe5"},{"vulnerability":"VCID-49gk-ugfy-6bcd"},{"vulnerability":"VCID-4c9d-jf9g-u3gn"},{"vulnerability":"VCID-4m9g-bu1c-hbec"},{"vulnerability":"VCID-4svp-grnb-2fh3"},{"vulnerability":"VCID-5bfe-hk7m-7bh6"},{"vulnerability":"VCID-5q1e-b4e8-jbc8"},{"vulnerability":"VCID-5rk8-v6bb-6ugh"},{"vulnerability":"VCID-62fw-qwr5-eyc1"},{"vulnerability":"VCID-6rc8-bs9z-5bb2"},{"vulnerability":"VCID-7rqc-eepq-43ds"},{"vulnerability":"VCID-7x6e-qege-ufdv"},{"vulnerability":"VCID-86jh-xn5g-kkgc"},{"vulnerability":"VCID-8d9n-ejbb-7fa1"},{"vulnerability":"VCID-b994-r5mw-3fbg"},{"vulnerability":"VCID-cbzx-gnhr-pfap"},{"vulnerability":"VCID-d8gp-tuxy-3qdf"},{"vulnerability":"VCID-dvrf-62nt-2kdp"},{"vulnerability":"VCID-f3b8-bfqu-8qbk"},{"vulnerability":"VCID-gabv-ggbj-ckaj"},{"vulnerability":"VCID-gepg-y7ud-cuds"},{"vulnerability":"VCID-gt5j-wemg-17gx"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-j21p-heue-nqd9"},{"vulnerability":"VCID-jarn-rtuz-wucq"},{"vulnerability":"VCID-jfsu-ya7r-h3e1"},{"vulnerability":"VCID-jsza-gn5n-cfac"},{"vulnerability":"VCID-kjd6-4drf-9ycm"},{"vulnerability":"VCID-ngar-aydn-eye4"},{"vulnerability":"VCID-q7va-hwg7-fbb4"},{"vulnerability":"VCID-rqde-qn4c-pfd9"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-sca8-zx4m-sub6"},{"vulnerability":"VCID-sz1m-v8wf-nqgx"},{"vulnerability":"VCID-t1vq-5b3t-tbfd"},{"vulnerability":"VCID-ucyr-e6qr-5qe1"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-vj1z-16nw-5khk"},{"vulnerability":"VCID-x1pc-1kuc-kug2"},{"vulnerability":"VCID-xh4x-t7he-pufq"},{"vulnerability":"VCID-yenj-fv96-pbd7"},{"vulnerability":"VCID-yxag-fghx-47ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0"}],"references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35650","reference_id":"","reference_type":"","scores":[{"value":"0.00441","scoring_system":"epss","scoring_elements":"0.63551","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35650"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2106274","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2106274"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=436457","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=436457"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35650","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35650"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1vq-5b3t-tbfd"}