Description

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

Remediation

References

CVE-2016-9186

Related Vulnerabilities

Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51487)

PHP Improper Input Validation Vulnerability (CVE-2017-7189)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2221)

WordPress Plugin Video Posts Webcam Recorder Cross-Site Scripting (1.55.4)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0372)

Severity

High

Classification

CVE-2016-9186 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities