Description

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

Remediation

References

CVE-2023-23923

Related Vulnerabilities

WordPress Plugin iThemes Security (formerly Better WP Security) Unspecified Vulnerability (6.9.0)

WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0)

Drupal Data Processing Errors Vulnerability (CVE-2017-6920)

PHP Numeric Errors Vulnerability (CVE-2012-2386)

Zope Web Application Server Other Vulnerability (CVE-2002-0170)

Severity

High

Classification

CVE-2023-23923 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Tags

Missing Update Known Vulnerabilities