PT-2016-7687 · Moodle · Moodle

Published: 2016-11-04 · Updated: 2022-05-17 · CVE-2016-9187

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moodle version 3.1.2

Description

The issue concerns an unrestricted file upload vulnerability in the image module, allowing remote authenticated users to execute arbitrary code. This is achieved by uploading a file with an executable extension and accessing it via unspecified vectors.

Recommendations

For Moodle version 3.1.2, update to a version that addresses this issue to prevent remote authenticated users from executing arbitrary code through file uploads.

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2016-9187
GHSA-58FM-V4PR-JH8P

Affected Products

Moodle