CVE Vulnerabilities

CVE-2023-5550

Published: Nov 09, 2023 | Modified: Nov 17, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

In a shared hosting environment that has been misconfigured to allow access to other users content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle * 3.9.24 (excluding)
Moodle Moodle 3.11.0 (including) 3.11.17 (excluding)
Moodle Moodle 4.0.0 (including) 4.0.11 (excluding)
Moodle Moodle 4.1.0 (including) 4.1.6 (excluding)
Moodle Moodle 4.2.0 (including) 4.2.3 (excluding)
Moodle Ubuntu bionic *
Moodle Ubuntu trusty *
Moodle Ubuntu xenial *

References