Lucene search

Ubuntu.comUB:CVE-2023-30944

HistoryMay 02, 2023 - 12:00 a.m.

CVE-2023-30944

2023-05-0200:00:00

ubuntu.com

124

cve-2023-30944

insufficient sanitization

user-supplied data

remote attacker

sql commands

application database

unix

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.004 Low

EPSS

Percentile

73.2%

JSON

The vulnerability was found Moodle which exists due to insufficient
sanitization of user-supplied data in external Wiki method for listing
pages. A remote attacker can send a specially crafted request to the
affected application and execute limited SQL commands within the
application database.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmoodle< anyUNKNOWN
ubuntu16.04noarchmoodle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	moodle	< any	UNKNOWN
ubuntu	16.04	noarch	moodle	< any	UNKNOWN

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187

bugzilla.redhat.com/show_bug.cgi?id=2188606

launchpad.net/bugs/cve/CVE-2023-30944

moodle.org/mod/forum/discuss.php?d=446286

nvd.nist.gov/vuln/detail/CVE-2023-30944

security-tracker.debian.org/tracker/CVE-2023-30944

www.cve.org/CVERecord?id=CVE-2023-30944

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for UB:CVE-2023-30944