Description
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Loco Translate Local File Inclusion (2.2.1)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2199)
WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4338)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)
LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16186)