cli-ish - Security Researcher - Exploit Intelligence Platform

CVE-2023-5539 NOMISEC MEDIUM

Moodle < 3.9.24 - Code Injection

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

CVSS 4.7

View Code

CVE-2023-5540 NOMISEC MEDIUM

Moodle < 3.9.24 - Code Injection

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

CVSS 4.7

View Code

CVE-2023-28329 NOMISEC HIGH

Moodle < 3.9.20 - SQL Injection

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

CVSS 8.8

View Code

CVE-2023-28330 NOMISEC MEDIUM

Moodle < 3.9.20 - Improper Input Validation

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

CVSS 6.5

View Code