Description

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Remediation

References

CVE-2021-32476

Related Vulnerabilities

WordPress Plugin Web to Print Online Designer Security Bypass (2.3.0)

WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16)

WordPress Plugin SB Uploader Arbitrary File Upload (4.1)

Joomla Other Vulnerability (CVE-2006-4474)

Varnish Cache Integer Overflow or Wraparound Vulnerability (CVE-2017-12425)

Severity

High

Classification

CVE-2021-32476 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities