Описание
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.0 (включая) до 3.1.11 (включая)Версия от 3.2.0 (включая) до 3.2.8 (включая)Версия от 3.3.0 (включая) до 3.3.5 (включая)Версия от 3.4.0 (включая) до 3.4.2 (включая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00349
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 7 лет назад
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
CVSS3: 6.5
debian
больше 7 лет назад
An issue was discovered in Moodle 3.x. Students who posted on forums a ...
CVSS3: 6.5
github
больше 3 лет назад
Moodle Portfolio forum caller class allows a user to download any file
EPSS
Процентиль: 57%
0.00349
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200