Description

repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.

Remediation

References

CVE-2012-4400

Related Vulnerabilities

WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)

WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)

WordPress 4.6.x Cross-Domain Flash Injection Vulnerability (4.6 - 4.6.9)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.185)

PostgreSQL Out-of-bounds Write Vulnerability (CVE-2019-10164)

Severity

Medium

Classification

CVE-2012-4400 CWE-264

Tags

Missing Update Known Vulnerabilities