Description
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
Remediation
References
Related Vulnerabilities
Joomla Improper Input Validation Vulnerability (CVE-2018-11321)
WordPress Plugin WooCommerce Anti-Fraud Security Bypass (3.2)
WordPress Plugin AJAX Comment Page Cross-Site Scripting (3.25)
WordPress Plugin Weekly Schedule Cross-Site Scripting (3.4.2)
WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Scripting (1.8.1)