Description
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
Remediation
References
Related Vulnerabilities
WordPress Plugin Paid Downloads 'download_key' Parameter SQL Injection (2.01)
WordPress Plugin Yoast SEO Security Bypass (1.4.6)
WordPress Plugin Polldaddy Polls & Ratings Cross-Site Scripting (2.0.31)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-17485)
WordPress Plugin The Events Calendar Countdown Addon Security Bypass (1.3.1)