Description

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

Remediation

References

CVE-2016-9187

Related Vulnerabilities

MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)

WordPress Plugin FeedWordPress Multiple Vulnerabilities (2015.0426)

WordPress Plugin Zero BS WordPress CRM Cross-Site Request Forgery (2.99.9)

WordPress Plugin Connections Business Directory Unspecified Vulnerability (0.7.1.5)

Joomla Cross-Site Request Forgery (CSRF) (CVE-2021-26033)

Severity

High

Classification

CVE-2016-9187 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities