Description
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.0.2)
WordPress Plugin IMPress for IDX Broker Cross-Site Scripting (3.0.5)
WordPress Plugin HT Slider Range for Amazon affiliates Cross-Site Scripting (1.1.5)
WordPress Plugin Image Slider Cross-Site Request Forgery (1.1.121)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000484)