Description

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

Remediation

References

CVE-2018-1135

Related Vulnerabilities

WordPress Plugin IP Logger 'map-details.php' SQL Injection (3.0)

PHP Resource Management Errors Vulnerability (CVE-2010-4697)

WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.1.44)

MediaWiki Missing Authentication for Critical Function Vulnerability (CVE-2019-12468)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0124)

Severity

Medium

Classification

CVE-2018-1135 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities