Description
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
Remediation
References
Related Vulnerabilities
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4203)
WordPress Plugin Easy Testimonials Cross-Site Scripting (3.0.4)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2016-8627)
Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)