3 matches found
CVE-2020-6293
SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...
Design/Logic Flaw
repository/repositoryajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field...
CVE-2012-4400
Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 are affected by CVE-2012-4400 due to a flaw in repository/repository_ajax.php that allows remote authenticated users to bypass upload-size restrictions by sending -1 in the maxbytes field. The underlying issue is insufficient input validation for t...