BIT-moodle-2023-5550

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2023-5550.json

Aliases

CVE-2023-5550
GHSA-5cvx-cwpx-9rjh

Published

2023-11-18T07:21:57.824Z

Modified

2023-11-18T08:11:18.824969Z

Details

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249
https://bugzilla.redhat.com/show_bug.cgi?id=2243452
https://moodle.org/mod/forum/discuss.php?d=451591

Affected packages

Bitnami / moodle

Package

Name: moodle

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.9.24

Introduced

3.11.0

Fixed

3.11.17

Introduced

4.0.0

Fixed

4.0.11

Introduced

4.1.0

Fixed

4.1.6

Introduced

4.2.0

Fixed

4.2.3