High severity8.8NVD Advisory· Published Nov 4, 2016· Updated May 6, 2026
CVE-2016-9187
CVE-2016-9187
Description
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 2.0.1, <= 3.2.1 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.htmlnvdExploitThird Party AdvisoryVDB EntryWEB
- www.securityfocus.com/bid/94191nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-58fm-v4pr-jh8pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-9187ghsaADVISORY
News mentions
0No linked articles in our index yet.