XML External Entity (XXE) vulnerability in mod/lti/service.php in Moodle before 2.7.1

XML External Entity (XXE) vulnerability in mod/lti/service.php in Moodle before 2.7.1

CVE-2014-3542 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Learn more about our External Network Penetration Testing.