User input passed through the "customicon" when creating a new course is not properly
sanitized before being uploaded into the /content/ directory. This could be exploited
to upload and execute arbitrary PHP code. Successful exploitation of this vulnerability
requires an account with permissions to create new courses.
发表于 2015-11-5 13:39:18
