Description
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Statistics Remote Code Execution (1.8)
WordPress Plugin WP Photo Album 'photo' Parameter SQL Injection (1.0)
WordPress Plugin Custom 404 Pro Cross-Site Scripting (3.2.7)
Apache Traffic Server HTTP Request Smuggling Vulnerability (CVE-2020-17509 )
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2016-5734)