spell-check-logic.cgi
in Moodle 1.9 before 1.9.4, 1.8 before 1.8.8, 1.7 before 1.7.7 and 1.6 before 1.6.9 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log
, (2) /tmp/spell-check-before
, or (3) /tmp/spell-check-after
temporary file.
{ "nvd_published_at": "2008-11-18T16:00:00Z", "cwe_ids": [ "CWE-59" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-09T18:57:15Z" }