Description

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).

Remediation

References

CVE-2023-28333

Related Vulnerabilities

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0195)

WordPress Plugin Metronet Tag Manager Cross-Site Request Forgery (1.2.7)

Moodle Other Vulnerability (CVE-2006-4943)

WordPress Plugin Ultimate FAQ Cross-Site Scripting (1.8.29)

Jenkins Improper Input Validation Vulnerability (CVE-2015-1808)

Severity

Critical

Classification

CVE-2023-28333 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities