Description

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.

Remediation

References

CVE-2018-1134

Related Vulnerabilities

WordPress Plugin CMS Press Cross-Site Scripting (0.2.3)

MySQL CVE-2021-2226 Vulnerability (CVE-2021-2226)

MySQL CVE-2016-0654 Vulnerability (CVE-2016-0654)

MySQL CVE-2021-2024 Vulnerability (CVE-2021-2024)

CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26272)

Severity

Medium

Classification

CVE-2018-1134 CWE-269 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities