CVE-2023-5539

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in packagist/moodle/moodle

Identifiers

CVE-2023-5539, GHSA-3xxm-3g3c-w579

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

Affected Versions

All versions before 3.9.24, all versions starting from 3.11.0 before 3.11.17, all versions starting from 4.0.0 before 4.0.11, all versions starting from 4.1.0 before 4.1.6, all versions starting from 4.2.0 before 4.2.3

Solution

Upgrade to versions 3.9.24, 3.11.17, 4.0.11, 4.1.6, 4.2.3 or above.

Last Modified

2023-11-10
