Miggo Logo
Miggo Vulnerability Database
CVE-2018-1135

CVE-2018-1135:
Moodle Portfolio forum caller class allows a user to download any file

6.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-1135
GHSA ID
GHSA-vxmv-74rf-vqgp
EPSS Score
0.56728%
CWE
CWE-200
Published
5/14/2022
Updated
4/23/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer>= 3.1, < 3.1.123.1.12
moodle/moodlecomposer>= 3.2, < 3.2.93.2.9
moodle/moodlecomposer>= 3.3, < 3.3.63.3.6
moodle/moodlecomposer>= 3.4, < 3.4.33.4.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper authorization checks in the forum portfolio export functionality. The portfolio_caller class handles file references when exporting forum posts but didn't properly validate if the user had permission to access each referenced file. The get_sha1 function's hash generation and prepare_package's file bundling process would be natural points where file references are processed without adequate permission checks, allowing URL parameter manipulation to access arbitrary files. These functions are core to the portfolio export mechanism and align with the described attack vector of modifying download URLs after post export.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in Moo*l* *.x. Stu**nts w*o post** on *orums *n* *xport** t** posts to port*olios **n *ownlo** *ny stor** Moo*l* *il* *y ***n*in* t** *ownlo** URL.

Reasoning

T** vuln*r**ility st*ms *rom improp*r *ut*oriz*tion ****ks in t** *orum port*olio *xport *un*tion*lity. T** port*olio_**ll*r *l*ss **n*l*s *il* r***r*n**s w**n *xportin* *orum posts *ut *i*n't prop*rly v*li**t* i* t** us*r *** p*rmission to ****ss **