Description

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

Remediation

References

CVE-2023-23923

Related Vulnerabilities

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0734)

TYPO3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-30451)

Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12)

WebLogic CVE-2023-21996 Vulnerability (CVE-2023-21996)

WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1)

Severity

High

Classification

CVE-2023-23923 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Tags

Missing Update Known Vulnerabilities