CVE-2014-0125 | Vulnerability Database | Aqua Security

repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a files owner.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	*	2.3.11 (including)
Moodle	Moodle	2.0.0 (including)	2.0.0 (including)
Moodle	Moodle	2.0.1 (including)	2.0.1 (including)
Moodle	Moodle	2.0.2 (including)	2.0.2 (including)
Moodle	Moodle	2.0.3 (including)	2.0.3 (including)
Moodle	Moodle	2.0.4 (including)	2.0.4 (including)
Moodle	Moodle	2.0.5 (including)	2.0.5 (including)
Moodle	Moodle	2.0.6 (including)	2.0.6 (including)
Moodle	Moodle	2.0.7 (including)	2.0.7 (including)
Moodle	Moodle	2.0.8 (including)	2.0.8 (including)
Moodle	Moodle	2.0.9 (including)	2.0.9 (including)
Moodle	Moodle	2.1.0 (including)	2.1.0 (including)
Moodle	Moodle	2.1.1 (including)	2.1.1 (including)
Moodle	Moodle	2.1.2 (including)	2.1.2 (including)
Moodle	Moodle	2.1.3 (including)	2.1.3 (including)
Moodle	Moodle	2.1.4 (including)	2.1.4 (including)
Moodle	Moodle	2.1.5 (including)	2.1.5 (including)
Moodle	Moodle	2.1.6 (including)	2.1.6 (including)
Moodle	Moodle	2.1.7 (including)	2.1.7 (including)
Moodle	Moodle	2.1.8 (including)	2.1.8 (including)
Moodle	Moodle	2.1.9 (including)	2.1.9 (including)
Moodle	Moodle	2.1.10 (including)	2.1.10 (including)
Moodle	Moodle	2.2.0 (including)	2.2.0 (including)
Moodle	Moodle	2.2.1 (including)	2.2.1 (including)
Moodle	Moodle	2.2.2 (including)	2.2.2 (including)
Moodle	Moodle	2.2.3 (including)	2.2.3 (including)
Moodle	Moodle	2.2.4 (including)	2.2.4 (including)
Moodle	Moodle	2.2.5 (including)	2.2.5 (including)
Moodle	Moodle	2.2.6 (including)	2.2.6 (including)
Moodle	Moodle	2.2.7 (including)	2.2.7 (including)
Moodle	Moodle	2.2.8 (including)	2.2.8 (including)
Moodle	Moodle	2.2.9 (including)	2.2.9 (including)
Moodle	Moodle	2.2.10 (including)	2.2.10 (including)
Moodle	Moodle	2.2.11 (including)	2.2.11 (including)
Moodle	Moodle	2.3.0 (including)	2.3.0 (including)
Moodle	Moodle	2.3.1 (including)	2.3.1 (including)
Moodle	Moodle	2.3.2 (including)	2.3.2 (including)
Moodle	Moodle	2.3.3 (including)	2.3.3 (including)
Moodle	Moodle	2.3.4 (including)	2.3.4 (including)
Moodle	Moodle	2.3.5 (including)	2.3.5 (including)
Moodle	Moodle	2.3.6 (including)	2.3.6 (including)
Moodle	Moodle	2.3.7 (including)	2.3.7 (including)
Moodle	Moodle	2.3.8 (including)	2.3.8 (including)
Moodle	Moodle	2.3.9 (including)	2.3.9 (including)
Moodle	Moodle	2.3.10 (including)	2.3.10 (including)
Moodle	Moodle	2.4.0 (including)	2.4.0 (including)
Moodle	Moodle	2.4.1 (including)	2.4.1 (including)
Moodle	Moodle	2.4.2 (including)	2.4.2 (including)
Moodle	Moodle	2.4.3 (including)	2.4.3 (including)
Moodle	Moodle	2.4.4 (including)	2.4.4 (including)
Moodle	Moodle	2.4.5 (including)	2.4.5 (including)
Moodle	Moodle	2.4.6 (including)	2.4.6 (including)
Moodle	Moodle	2.4.7 (including)	2.4.7 (including)
Moodle	Moodle	2.4.8 (including)	2.4.8 (including)
Moodle	Moodle	2.5.0 (including)	2.5.0 (including)
Moodle	Moodle	2.5.1 (including)	2.5.1 (including)
Moodle	Moodle	2.5.2 (including)	2.5.2 (including)
Moodle	Moodle	2.5.3 (including)	2.5.3 (including)
Moodle	Moodle	2.5.4 (including)	2.5.4 (including)
Moodle	Moodle	2.6.0 (including)	2.6.0 (including)
Moodle	Moodle	2.6.1 (including)	2.6.1 (including)
Moodle	Ubuntu	artful	*
Moodle	Ubuntu	lucid	*
Moodle	Ubuntu	precise	*
Moodle	Ubuntu	quantal	*
Moodle	Ubuntu	saucy	*
Moodle	Ubuntu	trusty	*
Moodle	Ubuntu	upstream	*
Moodle	Ubuntu	utopic	*
Moodle	Ubuntu	vivid	*
Moodle	Ubuntu	wily	*
Moodle	Ubuntu	yakkety	*
Moodle	Ubuntu	zesty	*

References

http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-29409
http://openwall.com/lists/oss-security/2014/03/17/1
https://moodle.org/mod/forum/discuss.php?d=256422

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0125
CWE	https://cwe.mitre.org/data/definitions/264.html