Description
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2000-0246)
OpenSSL Out-of-bounds Read Vulnerability (CVE-2017-3731)
WordPress Plugin FormCraft-Contact Form Builder Cross-Site Request Forgery (1.2.1)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2017-5645)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-15715)