Vulnerabilities > Moodle > Moodle > 4.1.4

DATE CVE VULNERABILITY TITLE RISK
2023-11-09 CVE-2023-5550 In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
network
low complexity
moodle fedoraproject
critical
 9.8
9.8
2023-11-09 CVE-2023-5551 Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
local
low complexity
moodle fedoraproject
3.3
3.3