CVE-2018-1135

MEDIUM

Moodle 3.1.0-3.1.11 - Unauthenticated Exposure of Sensitive Information via Forum Post Export

Title source: llm
STIX 2.1

Description

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=371201
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104307

Scores

CVSS v3 6.5
EPSS 0.0018
EPSS Percentile 38.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
moodle/moodle 3.1 - 3.1.12Packagist
moodle/moodle 3.1.0 - 3.1.11
Published May 25, 2018
Tracked Since Feb 18, 2026