Description
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
Remediation
References
Related Vulnerabilities
WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting Vulnerabilities (2.4.1)
WordPress Plugin Clever Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (2.0.15)
Python Other Vulnerability (CVE-2012-2135)
MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50089)