CVE-2016-9187: Unrestricted Upload of File with Dangerous Type

November 4, 2016 (updated November 29, 2016)

Unrestricted file upload vulnerability in the double extension support in the “image” module in Moodle allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

References

www.securityfocus.com/bid/94191
nvd.nist.gov/vuln/detail/CVE-2016-9187
packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html

Code Behaviors & Features

Detect and mitigate CVE-2016-9187 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →