Description In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. Remediation References CVE-2017-2576 Related Vulnerabilities MySQL CVE-2018-2591 Vulnerability (CVE-2018-2591) Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-26690) WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1) WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5) Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-4040) Severity Medium Classification CVE-2017-2576 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities