Description
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-26185)
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2020-13434)
WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)
WordPress 3.7.x Possible SQL Injection Vulnerability (3.7 - 3.7.22)