Description

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

Remediation

References

CVE-2018-1135

Related Vulnerabilities

phpMyFAQ Incorrect Authorization Vulnerability (CVE-2024-22208)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)

Drupal Incorrect Authorization Vulnerability (CVE-2023-31250)

WordPress Plugin Blaze Slideshow 'upload.php' Arbitrary File Upload (2.4)

MySQL CVE-2015-4833 Vulnerability (CVE-2015-4833)

Severity

Medium

Classification

CVE-2018-1135 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities