Moodle 3.8 Arbitary File Upload

Moodle version 3.8 suffers from an arbitrary file upload vulnerability.