Description

repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.

Remediation

References

CVE-2014-0125

Related Vulnerabilities

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9517)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-9416)

Lighttpd Other Vulnerability (CVE-2007-1870)

WordPress Plugin BizLibrary Cross-Site Scripting (1.1)

Oracle Database Server CVE-2006-3703 Vulnerability (CVE-2006-3703)

Severity

Medium

Classification

CVE-2014-0125 CWE-264

Tags

Missing Update Known Vulnerabilities