Description
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
Remediation
References
Related Vulnerabilities
Apache Tomcat Insufficiently Protected Credentials Vulnerability (CVE-2019-12418)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15729)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-6623)
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2013-0340)
WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.10)