Description
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
Remediation
References
Related Vulnerabilities
WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)
WordPress Plugin Cool Video Gallery Command Injection (1.9)
WordPress 'templates.php' Cross-Site Scripting Vulnerability (0.6.2 - 2.1)
WordPress Plugin Advanced Classifieds & Directory Pro Local File Inclusion (3.1.3)