CVE-2014-0125 | Vulnerability Database | Aqua Security

repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a files owner.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	*	2.3.11 (including)
Moodle	Moodle	2.0.0 (including)	2.0.0 (including)
Moodle	Moodle	2.0.1 (including)	2.0.1 (including)
Moodle	Moodle	2.0.2 (including)	2.0.2 (including)
Moodle	Moodle	2.0.3 (including)	2.0.3 (including)
Moodle	Moodle	2.0.4 (including)	2.0.4 (including)
Moodle	Moodle	2.0.5 (including)	2.0.5 (including)
Moodle	Moodle	2.0.6 (including)	2.0.6 (including)
Moodle	Moodle	2.0.7 (including)	2.0.7 (including)
Moodle	Moodle	2.0.8 (including)	2.0.8 (including)
Moodle	Moodle	2.0.9 (including)	2.0.9 (including)
Moodle	Moodle	2.1.0 (including)	2.1.0 (including)
Moodle	Moodle	2.1.1 (including)	2.1.1 (including)
Moodle	Moodle	2.1.2 (including)	2.1.2 (including)
Moodle	Moodle	2.1.3 (including)	2.1.3 (including)
Moodle	Moodle	2.1.4 (including)	2.1.4 (including)
Moodle	Moodle	2.1.5 (including)	2.1.5 (including)
Moodle	Moodle	2.1.6 (including)	2.1.6 (including)
Moodle	Moodle	2.1.7 (including)	2.1.7 (including)
Moodle	Moodle	2.1.8 (including)	2.1.8 (including)
Moodle	Moodle	2.1.9 (including)	2.1.9 (including)
Moodle	Moodle	2.1.10 (including)	2.1.10 (including)
Moodle	Moodle	2.2.0 (including)	2.2.0 (including)
Moodle	Moodle	2.2.1 (including)	2.2.1 (including)
Moodle	Moodle	2.2.2 (including)	2.2.2 (including)
Moodle	Moodle	2.2.3 (including)	2.2.3 (including)
Moodle	Moodle	2.2.4 (including)	2.2.4 (including)
Moodle	Moodle	2.2.5 (including)	2.2.5 (including)
Moodle	Moodle	2.2.6 (including)	2.2.6 (including)
Moodle	Moodle	2.2.7 (including)	2.2.7 (including)
Moodle	Moodle	2.2.8 (including)	2.2.8 (including)
Moodle	Moodle	2.2.9 (including)	2.2.9 (including)
Moodle	Moodle	2.2.10 (including)	2.2.10 (including)
Moodle	Moodle	2.2.11 (including)	2.2.11 (including)
Moodle	Moodle	2.3.0 (including)	2.3.0 (including)
Moodle	Moodle	2.3.1 (including)	2.3.1 (including)
Moodle	Moodle	2.3.2 (including)	2.3.2 (including)
Moodle	Moodle	2.3.3 (including)	2.3.3 (including)
Moodle	Moodle	2.3.4 (including)	2.3.4 (including)
Moodle	Moodle	2.3.5 (including)	2.3.5 (including)
Moodle	Moodle	2.3.6 (including)	2.3.6 (including)
Moodle	Moodle	2.3.7 (including)	2.3.7 (including)
Moodle	Moodle	2.3.8 (including)	2.3.8 (including)
Moodle	Moodle	2.3.9 (including)	2.3.9 (including)
Moodle	Moodle	2.3.10 (including)	2.3.10 (including)
Moodle	Moodle	2.4.0 (including)	2.4.0 (including)
Moodle	Moodle	2.4.1 (including)	2.4.1 (including)
Moodle	Moodle	2.4.2 (including)	2.4.2 (including)
Moodle	Moodle	2.4.3 (including)	2.4.3 (including)
Moodle	Moodle	2.4.4 (including)	2.4.4 (including)
Moodle	Moodle	2.4.5 (including)	2.4.5 (including)
Moodle	Moodle	2.4.6 (including)	2.4.6 (including)
Moodle	Moodle	2.4.7 (including)	2.4.7 (including)
Moodle	Moodle	2.4.8 (including)	2.4.8 (including)
Moodle	Moodle	2.5.0 (including)	2.5.0 (including)
Moodle	Moodle	2.5.1 (including)	2.5.1 (including)
Moodle	Moodle	2.5.2 (including)	2.5.2 (including)
Moodle	Moodle	2.5.3 (including)	2.5.3 (including)
Moodle	Moodle	2.5.4 (including)	2.5.4 (including)
Moodle	Moodle	2.6.0 (including)	2.6.0 (including)
Moodle	Moodle	2.6.1 (including)	2.6.1 (including)

References

http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-29409
http://openwall.com/lists/oss-security/2014/03/17/1
https://moodle.org/mod/forum/discuss.php?d=256422

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0125
CWE	https://cwe.mitre.org/data/definitions/264.html