Description

The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.

Remediation

References

CVE-2012-5479

Related Vulnerabilities

RubyGems Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000079)

WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-5000)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4789)

WordPress Plugin Responsive WordPress Slider-Avartan Slider Lite Cross-Site Scripting (1.4)

Severity

Medium

Classification

CVE-2012-5479 CWE-264

Tags

Missing Update Known Vulnerabilities