Moodle : Security Vulnerabilities, CVEs, Published In 2016 (Code Execution)
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.41%
Published
2016-11-04
Updated
2016-11-29
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.41%
Published
2016-11-04
Updated
2016-11-29
2 vulnerabilities found