BIT-moodle-2023-5550

Import Source
https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2023-5550.json
Aliases
Published
2024-03-06T10:56:51.095Z
Modified
2024-03-06T11:25:28.861Z
Details

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.

References

Affected packages

Bitnami / moodle

Package

Name
moodle

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.9.24
Introduced
3.11.0
Fixed
3.11.17
Introduced
4.0.0
Fixed
4.0.11
Introduced
4.1.0
Fixed
4.1.6
Introduced
4.2.0
Fixed
4.2.3