Description
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
Remediation
References
Related Vulnerabilities
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.1)
WordPress Plugin Users Ultra SQL Injection (1.3.58)
WordPress Plugin Gravity Forms FreshDesk Cross-Site Scripting (1.2.8)
Joomla! Core 1.5.x Directory Traversal (1.5.0 - 1.5.8)
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10334)