EPSS
Percentile
55.6%
Moodle is vulnerable to upload-size restriction bypass. Authenticated users can bypass intended upload-size restrictions due to a flaw in repository/repository_ajax.php using a -1 value in the maxbytes field.
repository/repository_ajax.php
-1
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792
moodle.org/mod/forum/discuss.php?d=211555
openwall.com/lists/oss-security/2012/09/17/1