Moodle Filepicker 3.5.2 - Server Side Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Server Side Request Forgery in Moodle Filepicker Google Dork: / Date: 2019-07-25 Exploit Author: Fabian Mosch & Nick Theisinger r-tec IT Security GmbH Vendor Homepage: https://moodle.org/ Software Link:...

Moodle Filepicker 3.5.2 Server-Side Request Forgery

Exploit Title: Server Side Request Forgery in Moodle Filepicker Google Dork: / Date: 2019-07-25 Exploit Author: Fabian Mosch & Nick Theisinger r-tec IT Security GmbH Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.4, 3.3, 3.3.3, 3.2 ...

Moodle Filepicker 3.5.2 - Server Side Request Forgery

Moodle Filepicker 3.5.2 - Server Side Request Forgery Exploit Title: Server Side Request Forgery in Moodle Filepicker Google Dork: / Date: 2019-07-25 Exploit Author: Fabian Mosch & Nick Theisinger r-tec IT Security GmbH Vendor Homepage: https://moodle.org/ Software Link:...

Upload-size Restriction Bypass

Moodle is vulnerable to upload-size restriction bypass. Authenticated users can bypass intended upload-size restrictions due to a flaw in repository/repositoryajax.php using a -1 value in the maxbytes field...

CVE-2012-4400

repository/repositoryajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field...

Design/Logic Flaw

repository/repositoryajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field...

CVE-2012-4400

Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 are affected by CVE-2012-4400 due to a flaw in repository/repository_ajax.php that allows remote authenticated users to bypass upload-size restrictions by sending -1 in the maxbytes field. The underlying issue is insufficient input validation for t...