Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1836)

Description

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.

Remediation

References

Related Vulnerabilities

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36501)

Sqlite Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-7443)

MySQL CVE-2019-2503 Vulnerability (CVE-2019-2503)

WordPress Plugin PowerPress Podcasting by Blubrry Arbitrary File Upload (8.3.7)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8134)

Severity

Medium

Classification

CVE-2013-1836 CWE-264

Tags

Missing Update Known Vulnerabilities