Description
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP eCommerce Security Bypass (3.8.14.3)
phpList Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-3188)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2017-5645)
WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)
WordPress Plugin Tickera-WordPress Event Ticketing Security Bypass (3.4.9.1)