The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
openwall.com/lists/oss-security/2014/07/21/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d
github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894
github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c
github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2
github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844
github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc
github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42
github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91
github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33
moodle.org/mod/forum/discuss.php?d=264262
nvd.nist.gov/vuln/detail/CVE-2014-3541