The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| moodle/moodle(Packagist) | 0 | 4.2.0-rc2 | N/A |
CVSS Metrics
