Description
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ultimate Addons for Elementor Security Bypass (1.20.0)
Oracle Database Server CVE-2018-3110 Vulnerability (CVE-2018-3110)
WordPress Plugin WassUp Real Time Analytics Unspecified Vulnerability (1.7.2)
WordPress Plugin Doctor Appointment Booking Multiple Vulnerabilities (1.0.0)
WordPress Plugin Download Theme Arbitrary Directory Download (1.0.2)