CVE-2023-5540

MEDIUM

moodle < 3.9.24 and >= 4.0.0 < 4.3.0-rc2 - Authenticated Remote Code Execution in IMSCP Activity

Title source: llm
STIX 2.1

Description

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

References (3)

Core 3
Core References
Issue Tracking, Patch, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2243432

Scores

CVSS v3 4.7
EPSS 0.0220
EPSS Percentile 84.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (4)
fedoraproject/extra_packages_for_enterprise_linux 7.0
fedoraproject/fedora 38
moodle/moodle < 3.9.24
moodle/moodle 0 - 4.3.0-rc2Packagist
Published Nov 09, 2023
Tracked Since Feb 18, 2026