Description

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.

Remediation

References

CVE-2013-1836

Related Vulnerabilities

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31547)

Apache Tomcat Incorrect Authorization Vulnerability (CVE-2016-6797)

WordPress Plugin Popup-Popup More Popups Directory Traversal (2.2.4)

Oracle JRE CVE-2013-1561 Vulnerability (CVE-2013-1561)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-5174)

Severity

Medium

Classification

CVE-2013-1836 CWE-264

Tags

Missing Update Known Vulnerabilities