Description

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.

Remediation

References

CVE-2018-1134

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2014-3609)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Unspecified Vulnerability (2.6.4)

WordPress Plugin WordPress Landing Page-Squeeze Page-Responsive Landing Page Builder Free-WP Lead Plus X Multiple Vulnerabilities (0.98)

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Cross-Site Scripting (3.5.7)

Drupal Core 8.8.x Cross-Site Scripting (8.8.0 - 8.8.5)

Severity

Medium

Classification

CVE-2018-1134 CWE-269 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities