Описание
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.0 (включая) до 3.1.11 (включая)Версия от 3.2.0 (включая) до 3.2.8 (включая)Версия от 3.3.0 (включая) до 3.3.5 (включая)Версия от 3.4.0 (включая) до 3.4.2 (включая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00349
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 6.5
ubuntu
около 7 лет назад
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
CVSS3: 6.5
debian
около 7 лет назад
An issue was discovered in Moodle 3.x. Students who posted on forums a ...
CVSS3: 6.5
github
около 3 лет назад
Moodle Portfolio forum caller class allows a user to download any file
EPSS
Процентиль: 57%
0.00349
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200