CVE-2014-3542
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0043 (0.4%)
Percentile: 62.4%
EPSS: 2026-05-06
Affects
moodle:moodleTechnical description
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Published: 7/29/2014, 11:10:31 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
- http://openwall.com/lists/oss-security/2014/07/21/1
- https://moodle.org/mod/forum/discuss.php?d=264263
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
- http://openwall.com/lists/oss-security/2014/07/21/1
- https://moodle.org/mod/forum/discuss.php?d=264263