Description

repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.

Remediation

References

CVE-2012-4400

Related Vulnerabilities

WordPress Plugin BackWPup 'wp_export_generate.php' Local and Remote File Include Vulnerabilities (2.1.4)

WordPress Plugin Browsealoud Crypto Mining (1.4)

Squid Out-of-bounds Read Vulnerability (CVE-2021-28116)

WordPress Plugin Easy Testimonial Manager SQL Injection (1.2.0)

Oracle Database Server CVE-2006-5335 Vulnerability (CVE-2006-5335)

Severity

Medium

Classification

CVE-2012-4400 CWE-264

Tags

Missing Update Known Vulnerabilities