CVE-2023-28330: Moodle arbitrary file read vulnerability
6.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.59984%
CWE
Published
3/23/2023
Updated
4/19/2024
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 4.1.0, < 4.1.2 | 4.1.2 |
| moodle/moodle | composer | >= 4.0.0, < 4.0.7 | 4.0.7 |
| moodle/moodle | composer | >= 3.11.0, < 3.11.13 | 3.11.13 |
| moodle/moodle | composer | < 3.9.20 | 3.9.20 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the unvalidated use of $data['initialcontent'] in file_get_contents. The patch adds clean_param() with PARAM_FILE filter to sanitize the filename input. The affected function is clearly identified in the commit diff modifying mod/wiki/backup/moodle1/lib.php, and the CWE-20 classification matches the missing input validation pattern. The function's role in backup processing aligns with the vulnerability's context of malicious backup file exploitation.