Description
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Cumulus 'tagcloud.swf' Cross-Site Scripting (1.22)
Oracle JRE CVE-2013-5802 Vulnerability (CVE-2013-5802)
WordPress Plugin LOGOSWARE SUITE Uploader Arbitrary File Upload (1.1.6)
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)
WordPress Plugin Tickera-WordPress Event Ticketing Cross-Site Request Forgery (3.5.1.0)