Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

Affected Packages

Packagist moodle/moodle

Affected versions: 4.1.0 (fixed in 4.1.2)

Packagist moodle/moodle

Affected versions: 4.0.0 (fixed in 4.0.7)

Packagist moodle/moodle

Affected versions: 3.11.0 (fixed in 3.11.13)

Packagist moodle/moodle

Affected versions: 0 (fixed in 3.9.20)

Related CVEs

CVE-2023-28330

Key Information

GHSA ID

GHSA-56r9-72vx-q989

Published

March 23, 2023 9:30 PM

Last Modified

April 19, 2024 4:22 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

moodle/moodle

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.