Description

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

Remediation

References

CVE-2013-3630

Related Vulnerabilities

WordPress Plugin LearnPress-WordPress LMS Security Bypass (4.1.4.1)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5731)

Oracle Database Server CVE-2010-0852 Vulnerability (CVE-2010-0852)

Oracle Application Server CVE-2006-3706 Vulnerability (CVE-2006-3706)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2021-3450)

Severity

Medium

Classification

CVE-2013-3630 CWE-94

Tags

Missing Update Known Vulnerabilities