Description

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

Remediation

References

CVE-2016-9187

Related Vulnerabilities

XWiki Improper Privilege Management Vulnerability (CVE-2023-34465)

WordPress Plugin Elementor Website Builder Multiple Vulnerabilities (3.16.4)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3126)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-3221)

WordPress Plugin Malware Scanner SQL Injection (4.7.2)

Severity

High

Classification

CVE-2016-9187 CWE-434 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities