CVE-2023-5548: 
PHP vulnerability analysis and mitigation

CVE-2023-5548 is a vulnerability in Moodle that was discovered in 2023, requiring stronger revision number limitations on file serving endpoints to improve cache poisoning protection. The vulnerability affects Moodle versions 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions (Moodle Forum).

The vulnerability is classified as an Insufficient Verification of Data Authenticity issue (CWE-345) with a CVSS v3.1 base score of 5.3 (Medium). The vulnerability stems from inadequate revision number limitations in file serving endpoints, which could potentially lead to cache poisoning attacks (NVD).

The vulnerability primarily affects the integrity of the system, with potential for cache poisoning attacks. According to the CVSS metrics, while the vulnerability can be exploited remotely with low attack complexity, it only impacts the integrity aspect of the system with no effect on confidentiality or availability (Rapid7).

The vulnerability has been fixed in Moodle versions 4.2.3, 4.1.6, 4.0.11, 3.11.17, and 3.9.24. Users are advised to upgrade to these patched versions to mitigate the risk (Moodle Forum).

The vulnerability was reported by Yaniv Nizry from SonarSource and was assigned CVE-2023-5548. The issue was addressed through official security channels and documented in Moodle's security advisory MSA-23-0040 (Moodle Forum).