Description

repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.

Remediation

References

CVE-2012-4400

Related Vulnerabilities

WordPress Plugin WP-Forum 'forum_feed.php' SQL Injection (1.7.8)

Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2966)

Oracle Database Server Other Vulnerability (CVE-2005-3444)

WordPress Plugin ECPay Logistics for WooCommerce Cross-Site Scripting (1.2.181030)

WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel Security Bypass (1.3.5)

Severity

Medium

Classification

CVE-2012-4400 CWE-264

Tags

Missing Update Known Vulnerabilities