VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-rcwf-j578-zkcm

Essentials
Severities (18)
References (8)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-rcwf-j578-zkcm
Aliases	CVE-2023-5539 GHSA-3xxm-3g3c-w579
Summary	Moodle Code Injection vulnerability A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-94	Improper Control of Generation of Code ('Code Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	4.7	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408
ssvc	Track	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408
epss	0.01832	https://api.first.org/data/v1/epss?cve=CVE-2023-5539
epss	0.01832	https://api.first.org/data/v1/epss?cve=CVE-2023-5539
cvssv3.1	4.7	https://bugzilla.redhat.com/show_bug.cgi?id=2243352
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=2243352
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2243352
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-3xxm-3g3c-w579
cvssv3.1	4.7	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle
cvssv3.1	4.7	https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce
cvssv3.1	4.7	https://moodle.org/mod/forum/discuss.php?d=451580
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=451580
ssvc	Track	https://moodle.org/mod/forum/discuss.php?d=451580
cvssv3.1	4.7	https://nvd.nist.gov/vuln/detail/CVE-2023-5539
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2023-5539

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408
		https://api.first.org/data/v1/epss?cve=CVE-2023-5539
		https://bugzilla.redhat.com/show_bug.cgi?id=2243352
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce
		https://moodle.org/mod/forum/discuss.php?d=451580
		https://nvd.nist.gov/vuln/detail/CVE-2023-5539
GHSA-3xxm-3g3c-w579		https://github.com/advisories/GHSA-3xxm-3g3c-w579

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/ Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243352

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243352

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://moodle.org/mod/forum/discuss.php?d=451580

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/ Found at https://moodle.org/mod/forum/discuss.php?d=451580

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5539

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.82081
EPSS Score	0.01832
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:15:20.985420+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-3xxm-3g3c-w579/GHSA-3xxm-3g3c-w579.json	36.1.3