Description
repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.
Remediation
References
Related Vulnerabilities
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2729)
WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Cross-Site Scripting (1.7.9)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-25644)
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.19)
WordPress Plugin xili-tidy-tags Cross-Site Request Forgery (1.12.03)