Description
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Remediation
References
Related Vulnerabilities
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-17359)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3946)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-11327)