Description
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-reCAPTCHA Cross-Site Scripting (3.1.3)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2017-3730)
WordPress Plugin Leaky Paywall PHP Object Injection (4.9.1)
WordPress 2.6.3 Cross-Site Scripting Vulnerability (0.6.2 - 2.6.3)
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)