Description

mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.

Remediation

References

CVE-2013-2079

Related Vulnerabilities

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13587)

WordPress Plugin LazyEater Unspecified Vulnerability (1.2.1)

WordPress Plugin Youtube shortcode Cross-Site Scripting (1.8.5)

Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-30253)

MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-24734)

Severity

Medium

Classification

CVE-2013-2079 CWE-264

Tags

Missing Update Known Vulnerabilities