Description
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.
Remediation
References
Related Vulnerabilities
WordPress Plugin RSS for Yandex Turbo Cross-Site Scripting (1.29)
WordPress Plugin CiviCRM Multiple Vulnerabilities (5.28.0)
WordPress Plugin WP SVG Icons Multiple Unspecified Vulnerabilities (3.1.8.1)
WordPress Plugin WP Database Backup Unspecified Vulnerability (4.1)
Internet Information Services Other Vulnerability (CVE-1999-0154)