Moodle is vulnerable to the bypass of file-management restrictions. Authenticated attackers can bypass the intended file-management restrictions when using web services to perform uploads after the moodle/user:manageownfiles
capability has been revoked.