Description

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.

Remediation

References

CVE-2018-1134

Related Vulnerabilities

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Scripting (6.3.4)

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9407)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6929)

WordPress Plugin WooCommerce Social Login Privilege Escalation (2.7.3)

Perl CVE-2016-6185 Vulnerability (CVE-2016-6185)

Severity

Medium

Classification

CVE-2018-1134 CWE-269 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities