Skip to main content

Moodle CVE-2023-5549

MEDIUM
Improper Access Control (CWE-284)
2023-11-09 patrick@puiterwijk.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 09, 2023 - 20:15 nvd
MEDIUM 5.3

DescriptionNVD

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.

AnalysisAI

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. Affected products include: Moodle, Fedoraproject Extra Packages For Enterprise Linux, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Moodle

View all
CVE-2013-3630 MEDIUM POC
4.6 Nov 01

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell

CVE-2021-21809 CRITICAL POC
9.1 Jun 23

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. Rated critical severi

CVE-2024-43425 HIGH POC
8.1 Nov 07

A flaw was found in Moodle. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authenticatio

CVE-2017-2641 CRITICAL POC
9.8 Mar 26

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2025-34031 HIGH POC
7.5 Jun 24

The Moodle LMS Jmol plugin version 6.1 and earlier contains a path traversal vulnerability in jsmol.php. The query param

CVE-2013-4341 MEDIUM POC
4.3 Sep 16

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, an

CVE-2016-9187 HIGH POC
8.8 Nov 04

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remo

CVE-2016-9186 HIGH POC
8.8 Nov 04

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows re

CVE-2018-14630 HIGH POC
8.8 Sep 17

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional re

CVE-2018-1133 HIGH POC
8.8 May 25

An issue was discovered in Moodle 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low a

CVE-2016-7919 HIGH POC
7.5 Oct 28

Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injectio

CVE-2021-47857 HIGH POC
7.2 Jan 21

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows

Share

CVE-2023-5549 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy