Description
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Remediation
References
Related Vulnerabilities
Drupal CVE-2009-3352 Vulnerability (CVE-2009-3352)
ReviveAdserver 7PK - Security Features Vulnerability (CVE-2016-9470)
WordPress Plugin Easy Accept Payments for PayPal Cross-Site Scripting (4.9.9)
WordPress Plugin BigDoor Quick Gamification for WordPress Cross-Site Scripting (1.0.5)
WordPress Plugin Media Library Categories 'termid' Parameter SQL Injection (1.0.6)