Description

repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.

Remediation

References

CVE-2014-0125

Related Vulnerabilities

ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170)

Oracle JRE CVE-2014-2421 Vulnerability (CVE-2014-2421)

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2004-2756)

Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2021-29052)

Oracle JRE CVE-2012-4681 Vulnerability (CVE-2012-4681)

Severity

Medium

Classification

CVE-2014-0125 CWE-264

Tags

Missing Update Known Vulnerabilities