PT-2018-10508 · Moodle · Moodle

Brendan Cox

·

Publicado

2018-05-25

·

Atualizado

2022-05-14

·

CVE-2018-1135

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Moodle versions 3.x
Description An issue allows students who have posted on forums and exported these posts to portfolios to download any stored Moodle file. This is achieved by modifying the download URL.
Recommendations For Moodle versions 3.x, consider restricting access to the portfolio export feature for students until a fix is available. As a temporary workaround, monitor and limit changes to download URLs to prevent unauthorized file access.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-1135
GHSA-VXMV-74RF-VQGP

Produtos afetados

Moodle