cli-ish

4 exploits, active since Mar 2023
CVE-2023-5539 NOMISEC MEDIUM
moodle < 3.9.24 and 4.0.0-4.2.0 - Authenticated Remote Code Execution in Lesson Activity
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVSS 4.7
CVE-2023-5540 NOMISEC MEDIUM
moodle < 3.9.24 and >= 4.0.0 < 4.3.0-rc2 - Authenticated Remote Code Execution in IMSCP Activity
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
CVSS 4.7
CVE-2023-28329 NOMISEC HIGH
moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Authenticated SQL Injection
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
CVSS 8.8
CVE-2023-28330 NOMISEC MEDIUM
moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Authenticated Arbitrary File Read via Backup Feature
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
CVSS 6.5