Description
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
Remediation
References
Related Vulnerabilities
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-6188)
Moodle Cryptographic Issues Vulnerability (CVE-2009-4302)
Joomla! Core 3.2.x Cross-Site Scripting (3.2.0 - 3.2.4)
WordPress Plugin Invoicing with InvoiceXpress for WooCommerce-Free Cross-Site Scripting (3.0.2)