Headline
GHSA-5cvx-cwpx-9rjh: Moodle Code Injection vulnerability
In a shared hosting environment that has been misconfigured to allow access to other users’ content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
Moodle Code Injection vulnerability
Moderate severity GitHub Reviewed Published Nov 9, 2023 to the GitHub Advisory Database • Updated Nov 10, 2023
Related news
CVE-2023-5550: Official Moodle git projects - moodle.git/search
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.