Moderate severityNVD Advisory· Published Jul 23, 2012· Updated Jun 16, 2026
CVE-2012-3387
CVE-2012-3387
Description
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 2.3, < 2.3.1 | 2.3.1 |
Affected products
2Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-w66h-c2vj-cm7fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-3387ghsaADVISORY
- openwall.com/lists/oss-security/2012/07/17/1nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/76954nvdWEB
- github.com/moodle/moodle/commit/3b6629c088f14c6ee8f13a009ff27441d164f334ghsaWEB
- github.com/moodle/moodle/commit/61a339e59857fd36080f4a468a16cd6a539d90bbghsaWEB
- web.archive.org/web/20121104220059/http://www.securityfocus.com/bid/54481ghsaWEB
- secunia.com/advisories/49890nvd
- www.securityfocus.com/bid/54481nvd
News mentions
0No linked articles in our index yet.