Description
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Custom Fields PRO Multiple Security Bypass Vulnerabilities (5.10)
Oracle Database Server CVE-2021-2332 Vulnerability (CVE-2021-2332)
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4)
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.2)
WordPress Plugin World Travel Information Cross-Site Scripting (1.0.0)