Moodle is a learning platform designed to provide educators, administrators and learners with a system to create personalised learning environments. Moodle is vulnerable to arbitrary code execution. when importing ddwtos type by XML it allows importing questions that contain PHP code which will be executed when rendered.
When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.
upgrade to Moode
14 days trial , No credit card upfront , Risk free