Description
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.
Remediation
References
Related Vulnerabilities
WordPress Plugin Abandoned Cart Lite for WooCommerce Cross-Site Scripting (5.1.3)
Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2017-15095)
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)
Oracle Application Server CVE-2006-3712 Vulnerability (CVE-2006-3712)