An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. https://www.exploit-db.com/exploits/46551
*** This bug has been marked as a duplicate of bug 660916 ***