Description
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
Remediation
References
Related Vulnerabilities
WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)
PostgreSQL Insufficiently Protected Credentials Vulnerability (CVE-2021-23222)
Apache HTTP Server CVE-2018-1283 Vulnerability (CVE-2018-1283)
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.3)
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)