CVE-2018-1135

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt