Search for vulnerabilities
Vulnerability details: VCID-yjxe-qdpw-7bhn
Vulnerability ID VCID-yjxe-qdpw-7bhn
Aliases CVE-2023-5540
GHSA-w8x2-w4qr-v3x4
Summary Moodle Code Injection vulnerability A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 4.7 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
cvssv3.1 8.8 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
generic_textual HIGH http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
ssvc Track http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
epss 0.01832 https://api.first.org/data/v1/epss?cve=CVE-2023-5540
epss 0.01832 https://api.first.org/data/v1/epss?cve=CVE-2023-5540
cvssv3.1 4.7 https://bugzilla.redhat.com/show_bug.cgi?id=2243432
cvssv3.1 8.8 https://bugzilla.redhat.com/show_bug.cgi?id=2243432
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2243432
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2243432
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-w8x2-w4qr-v3x4
cvssv3.1 8.8 https://github.com/moodle/moodle
generic_textual HIGH https://github.com/moodle/moodle
cvssv3.1 8.8 https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522
generic_textual HIGH https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522
cvssv3.1 4.7 https://moodle.org/mod/forum/discuss.php?d=451581
cvssv3.1 8.8 https://moodle.org/mod/forum/discuss.php?d=451581
generic_textual HIGH https://moodle.org/mod/forum/discuss.php?d=451581
ssvc Track https://moodle.org/mod/forum/discuss.php?d=451581
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-5540
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-5540
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
https://api.first.org/data/v1/epss?cve=CVE-2023-5540
https://bugzilla.redhat.com/show_bug.cgi?id=2243432
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522
https://moodle.org/mod/forum/discuss.php?d=451581
https://nvd.nist.gov/vuln/detail/CVE-2023-5540
GHSA-w8x2-w4qr-v3x4 https://github.com/advisories/GHSA-w8x2-w4qr-v3x4
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/ Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243432
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243432
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2243432
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at https://moodle.org/mod/forum/discuss.php?d=451581
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://moodle.org/mod/forum/discuss.php?d=451581
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/ Found at https://moodle.org/mod/forum/discuss.php?d=451581
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5540
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.82081
EPSS Score 0.01832
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:15:24.548702+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-w8x2-w4qr-v3x4/GHSA-w8x2-w4qr-v3x4.json 36.1.3