Description
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Remediation
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2005-3445)
Microsoft SQL Server Other Vulnerability (CVE-2002-1145)
Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6563)
WordPress Plugin Relevanssi Premium-A Better Search Multiple Vulnerabilities (1.14.4)
Internet Information Services Other Vulnerability (CVE-2000-0886)