PT-2019-11590 · Moodle+1 · Moodle+1

Guillermo Leon Alvarez Salamanca

Published

2019-06-18

Updated

2022-05-24

CVE-2019-10134

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7 Moodle version 3.6.4 and earlier Moodle version 3.5.6 and earlier Moodle version 3.4.9 and earlier Moodle version 3.1.18 and earlier

Description: A flaw was found in the handling of private file uploads via email. The size of these uploads was not correctly checked, allowing users' quota allowance to be exceeded.

Recommendations: For versions prior to 3.7, update to version 3.7 or later to resolve the issue. For version 3.6.4 and earlier, update to version 3.6.5 or later to resolve the issue. For version 3.5.6 and earlier, update to version 3.5.7 or later to resolve the issue. For version 3.4.9 and earlier, update to version 3.4.10 or later to resolve the issue. For version 3.1.18 and earlier, update to version 3.1.19 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2019-2080

ALT-PU-2019-2096

CVE-2019-10134

GHSA-J8WR-7XXJ-C2FR

Affected Products

Alt Linux

Moodle

PT-2019-11590 · Moodle+1 · Moodle+1

CVE-2019-10134

Weakness Enumeration

Related Identifiers

Affected Products

References · 9