Description

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.

Remediation

References

CVE-2012-5471

Related Vulnerabilities

Sqlite Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-35527)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7854)

WordPress Plugin Monsters Editor for WP Super Edit Arbitrary File Upload (1.1)

WordPress Plugin Wechat Broadcast Local/Remote File Inclusion (1.2.0)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.32.7212)

Severity

Medium

Classification

CVE-2012-5471 CWE-264

Tags

Missing Update Known Vulnerabilities