WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9186)

Description

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

Remediation

References

Related Vulnerabilities

Nginx Other Vulnerability (CVE-2016-0746)

Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-38887)

WordPress Plugin WP Survey And Quiz Tool 'action' Parameter Cross-Site Scripting (1.2.1)

WordPress Plugin WPFront User Role Editor Multiple Cross-Site Scripting Vulnerabilities (2.13)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Cross-Site Request Forgery (3.6.4)

Severity

High

Classification

CVE-2016-9186 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities