Description
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could use a local file inclusion to achieve remote code execution.
Remediation
References