CVE-2019-14883
CVE-2019-14883 affects Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3. The vulnerability arises because tokens used to fetch inline attachments in email notifications were not disabled when a user’s account became inactive. The attacker would need to know the file path and a valid token to access t...