PT-2016-7686 · Moodle · Moodle

Published: 2016-11-04 · Updated: 2016-11-29 · CVE-2016-9186

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Moodle version 3.1.2
Description: An unrestricted file upload vulnerability exists in the "legacy course files" and "file manager" modules. A remote authenticated user can upload a file with an executable extension and then execute arbitrary code by accessing that file via unspecified vectors.
Recommendations: For Moodle version 3.1.2, consider restricting access to the "legacy course files" and "file manager" modules to prevent exploitation until a fix is available. As a temporary workaround, restrict the ability to upload files with executable extensions in these modules.
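As an added example of the interim workaround above (this is not Moodle code and not part of the advisory), a server-side allowlist check on uploaded filenames that rejects an executable extension anywhere in the name, not only in the last segment. The extension lists are assumptions and must be tuned to the script handlers actually enabled on the web server.

```php
<?php
// Added example, not Moodle code: filename check for a web-served upload
// directory. Assumption: the lists below match the server's real handlers.

// Extensions a PHP-capable web server may execute as script (assumed list).
const EXECUTABLE_EXTENSIONS = [
    'php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps',
    'cgi', 'pl', 'py', 'sh', 'shtml', 'htaccess',
];

// Extensions course files legitimately need (assumed allowlist).
const ALLOWED_EXTENSIONS = ['pdf', 'txt', 'png', 'jpg', 'jpeg', 'gif', 'docx', 'zip'];

/**
 * Return true only if $filename may be stored in the upload directory.
 * Every dotted segment is inspected, so "a.php.jpg", "a.PHP" and
 * "a.php." are all rejected, as are dotfiles and names without an extension.
 */
function is_upload_filename_allowed(string $filename): bool
{
    $base = basename(str_replace('\\', '/', $filename)); // strip any path part
    $base = rtrim($base, " .");                           // "x.php." -> "x.php"
    if ($base === '' || $base[0] === '.') {
        return false;                                     // empty or dotfile name
    }
    $parts = explode('.', strtolower($base));             // case-insensitive
    if (count($parts) < 2) {
        return false;                                     // no extension at all
    }
    $ext = array_pop($parts);
    foreach ($parts as $segment) {                        // inner segments too
        if (in_array($segment, EXECUTABLE_EXTENSIONS, true)) {
            return false;
        }
    }
    return in_array($ext, ALLOWED_EXTENSIONS, true)
        && !in_array($ext, EXECUTABLE_EXTENSIONS, true);
}

// Constructed sample names: expected true, false, false, false, false.
foreach (['notes.pdf', 'shell.php', 'shell.PHP', 'shell.php.jpg', '.htaccess'] as $n) {
    printf("%-14s %s\n", $n, is_upload_filename_allowed($n) ? 'allowed' : 'rejected');
}
```

This check is a second layer only; disabling script execution for the upload directory in the web server configuration remains the primary control.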

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2016-9186

Affected Products

Moodle