CVE-2023-5540

MEDIUM

Moodle < 3.9.24 - Code Injection

Title source: rule

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

nomisec

by cli-ish · poc

CVSS v3 4.7

EPSS 0.0201

EPSS Percentile 83.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-94

Status published

Products (4)

fedoraproject/extra_packages_for_enterprise_linux 7.0

fedoraproject/fedora 38

moodle/moodle < 3.9.24

moodle/moodle 0 - 4.3.0-rc2Packagist

Published Nov 09, 2023

Tracked Since Feb 18, 2026