Description

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

Remediation

References

CVE-2013-3630

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2013-6449)

Python URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-28861)

WordPress Plugin SP Project & Document Manager Arbitrary File Upload (4.21)

WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47795)

Severity

Medium

Classification

CVE-2013-3630 CWE-94

Tags

Missing Update Known Vulnerabilities