Description
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server CVE-2021-35666 Vulnerability (CVE-2021-35666)
Atlassian Jira Improper Authentication Vulnerability (CVE-2019-20412)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4584)
WordPress Plugin SG Optimizer Multiple Vulnerabilities (3.3.5)
Oracle Application Server Other Vulnerability (CVE-2005-1383)