Description

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.

Remediation

References

CVE-2013-1836

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-44309)

WordPress Plugin WordPress Simple Shop Cross-Site Scripting (1.2)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership SQL Injection (2.8.2)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38901)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.3)

Severity

Medium

Classification

CVE-2013-1836 CWE-264

Tags

Missing Update Known Vulnerabilities