Description
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.2)
WordPress Plugin WooCommerce Potential PHP Object Injection (3.4.4)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7864)
WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)