Description
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.
Remediation
References