CVE-2023-5540

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in packagist/moodle/moodle

Identifiers

CVE-2023-5540, GHSA-w8x2-w4qr-v3x4

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

Affected Versions

All versions before 3.9.24, all versions starting from 3.11.0 before 3.11.17, all versions starting from 4.0.0 before 4.0.11, all versions starting from 4.1.0 before 4.1.6, all versions starting from 4.2.0 before 4.2.3

Solution

Upgrade to versions 3.9.24, 3.11.17, 4.0.11, 4.1.6, 4.2.3 or above.

Last Modified

2023-11-10
