Description

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

Remediation

References

CVE-2023-5540

Related Vulnerabilities

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8156)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5323)

Wordpress Plugin Backup Migration Files or Directories Accessible to External Parties Vulnerability (CVE-2023-6266)

WordPress Plugin MailChimp List Subscribe Form Multiple Unspecified Vulnerabilities (1.1)

WordPress Plugin WP Web Scraper Unspecified Vulnerability (2.4)

Severity

High

Classification

CVE-2023-5540 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities