Description

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

Remediation

References

CVE-2018-1135

Related Vulnerabilities

Oracle HTTP Server CVE-2021-35666 Vulnerability (CVE-2021-35666)

Atlassian Jira Improper Authentication Vulnerability (CVE-2019-20412)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4584)

WordPress Plugin SG Optimizer Multiple Vulnerabilities (3.3.5)

Oracle Application Server Other Vulnerability (CVE-2005-1383)

Severity

Medium

Classification

CVE-2018-1135 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities