CVE-2023-5540

Severity

8.8HIGH

EPSS

2.0%

top 16.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 9

Description

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

▶NVDmoodle/moodle3.11.0 — 3.11.17+4

▶Packagistmoodle/moodle< 4.3.0-rc2

Also affects: Fedora 38

CVEList

Moodle: authenticated remote code execution risk in imscp↗2023-11-09

▶

OSV

Moodle Code Injection vulnerability↗2023-11-09

▶

GHSA

Moodle Code Injection vulnerability↗2023-11-09

▶

OSV

CVE-2023-5540: A remote code execution risk was identified in the IMSCP activity↗2023-11-09

▶