Description
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.
Remediation
References
Related Vulnerabilities
Envoy Proxy Integer Overflow or Wraparound Vulnerability (CVE-2021-28682)
Magento CVE-2019-8110 Vulnerability (CVE-2019-8110)
ATutor Incorrect Authorization Vulnerability (CVE-2019-16114)
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.8)
Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-28615)