mod/assign/locallib.php in the assignment module in Moodle 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 2.3.4 |
||
moodle moodle 2.3.3 |
||
moodle moodle 2.3.2 |
||
moodle moodle 2.3.1 |
||
moodle moodle 2.3.0 |
||
moodle moodle 2.3.6 |
||
moodle moodle 2.3.5 |
||
moodle moodle 2.4.3 |
||
moodle moodle 2.4.0 |
||
moodle moodle 2.4.1 |
||
moodle moodle 2.4.2 |