Description
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Remediation
References
Related Vulnerabilities
WordPress Plugin Category and Page Icons Cross-Site Scripting (0.9.2)
WordPress Plugin Leaflet 'id' Parameter Cross-Site Scripting (0.0.1)
Drupal Core Multiple Vulnerabilities (8.0.0 - 9.1.15)
WordPress Plugin Contact Form DB Cross-Site Request Forgery (2.8.31)
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.7.0)