CVE-2023-5540: 
PHP vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2023-5540) was identified in the IMSCP activity module of Moodle. The vulnerability was discovered and disclosed in October 2023, affecting Moodle versions 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23, and earlier unsupported versions. By default, this vulnerability was only accessible to users with teacher and manager roles (Moodle Advisory).

The vulnerability is classified as CWE-94 (Improper Control of Generation of Code - 'Code Injection'). According to the National Vulnerability Database, it received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability (NVD).

The vulnerability could allow authenticated users with teacher or manager roles to execute arbitrary code remotely on the affected Moodle installation. This poses a significant security risk as it could lead to complete system compromise with high impacts on confidentiality, integrity, and availability of the system (NVD).

The vulnerability has been fixed in Moodle versions 4.2.3, 4.1.6, 4.0.11, 3.11.17, and 3.9.24. Organizations running affected versions should upgrade to the patched versions immediately (Moodle Advisory).