Authenticated remote code execution risk in imscp
CVE-2023-5540

8.8HIGH

Key Information:

Vendor

Fedora

Status
moodle
Extra Packages for Enterprise Linux 7
Fedora
Vendor
CVE Published:
9 November 2023

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2023-5540?

A remote code execution vulnerability exists in the IMSCP activity of Moodle, which may be exploited due to insufficient access controls. Under default settings, this vulnerability primarily affects teachers and managers, potentially allowing unauthorized code execution under certain conditions. Users of Moodle are encouraged to update to the latest versions as soon as patches become available to mitigate this security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

moodle 4.2.3

moodle 4.1.6

moodle 4.0.11

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5540
Created by cli-ish

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...
https://bugzilla.redhat.com/show_bug.cgi?id=2243432
issue-trackingx_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=451581

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability Reserved

JSON
.