Search for vulnerabilities
| Vulnerability ID | VCID-6fbt-nz6e-nbd2 |
| Aliases |
CVE-2012-6099
GHSA-cr78-rphw-w73p |
| Summary | Moodle Arbitrary File Read via Backup Functionality The moodle1 backup converter in `backup/converter/moodle1/lib.php` in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | MODERATE | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977 |
| generic_textual | MODERATE | http://openwall.com/lists/oss-security/2013/01/21/1 |
| epss | 0.00199 | https://api.first.org/data/v1/epss?cve=CVE-2012-6099 |
| epss | 0.00199 | https://api.first.org/data/v1/epss?cve=CVE-2012-6099 |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-cr78-rphw-w73p |
| generic_textual | MODERATE | https://github.com/moodle/moodle |
| generic_textual | MODERATE | https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10 |
| generic_textual | MODERATE | https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44 |
| generic_textual | MODERATE | https://moodle.org/mod/forum/discuss.php?d=220160 |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2012-6099 |
| Percentile | 0.42386 |
| EPSS Score | 0.00199 |
| Published At | June 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-01T12:29:15.058132+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr78-rphw-w73p/GHSA-cr78-rphw-w73p.json | 36.1.3 |