Description

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Remediation

References

CVE-2021-32476

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Gift Cards Premium Unspecified Vulnerability (3.20.0)

PHP Numeric Errors Vulnerability (CVE-2006-4486)

WordPress Plugin 3D Cover Carousel Cross-Site Scripting (1.0)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1618)

WordPress Plugin Login by Auth0 Multiple Vulnerabilities (3.11.3)

Severity

High

Classification

CVE-2021-32476 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities