Description
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
Remediation
References
Related Vulnerabilities
Oracle JRE Improper Access Control Vulnerability (CVE-2025-53057)
WordPress Plugin WP Reroute Email Cross-Site Request Forgery (1.4.6)
Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)
MySQL CVE-2017-3638 Vulnerability (CVE-2017-3638)
WordPress Plugin MP3-jPlayer Multiple Cross-Site Scripting Vulnerabilities (1.8.11)