Description
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.
Remediation
References
Related Vulnerabilities
WordPress Plugin Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.6.95)
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10003)
WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.1)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2023-0401)
ownCloud Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-2052)