A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. This flaw affects versions 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions.
https://moodle.org/mod/forum/discuss.php?d=451581
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 2244898] Affects: fedora-all [bug 2244899]