|Description:||It was possible to inject code into Calculated questions that would be executed on the server.
|Issue summary:||Remote code execution in quiz calculated question
|Versions affected:||2.7, 2.6 to 2.6.3, 2.5 to 2.5.6, 2.4 to 2.4.10 and earlier unsupported versions
|Versions fixed:||2.7.1, 2.6.4, 2.5.7 and 2.4.11|
|Reported by:||Frédéric Massart|
||Disable calculated question types.|