Description

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

Remediation

References

CVE-2018-1135

Related Vulnerabilities

WordPress Plugin Events Manager Pro CSV Injection (2.6.7.1)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21340)

WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38902)

WordPress Plugin Custom Website Data Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2018-1135 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities