Platform
php
Component
moodle/moodle
Fixed in
4.1.2
4.0.7
3.11.13
3.9.20
CVE-2023-28333 identifies a potential Mustache code injection in the Mustache pix helper of Moodle LMS. The helper did not keep template source and data apart, so user-supplied text that reached its arguments could introduce additional Mustache tags. Moodle's advisory notes that no code path in core Moodle LMS passes user input to the helper, so core is not exploitable; the risk lies in custom plugins or integrations that use the helper with unfiltered user input. Fixes shipped in 4.1.2, 4.0.7, 3.11.13 and 3.9.20; affected are 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported releases. Upgrade to the fixed release for your branch.
The core of the vulnerability lies in how the pix helper handled its arguments. A Mustache section helper receives the raw text between {{#pix}} and {{/pix}}, renders it and returns HTML; the Mustache engine then treats a section lambda's return value as template source and renders it once more. If user-controlled data is interpolated into the helper's arguments and carries Mustache tags, those tags are evaluated on that second pass instead of being printed. Moodle's template helpers cannot evaluate PHP, so the realistic outcome is injection of markup and JavaScript into pages rendered for other users (cross-site scripting) rather than native code execution on the server. Core Moodle never feeds user input to the helper, but custom plugins or integrations that do are exposed. Successful exploitation through such a plugin could let an attacker act in other users' sessions and read or modify their data; the blast radius depends on which plugins are installed and who can reach the affected input, and a compromised Moodle instance can affect a large number of users.
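To make the risky pattern concrete, here is an added example (not Moodle's code and not any real plugin's) of a hypothetical plugin page, local/example/view.php in a plugin called local_example, that reads a request parameter and renders it. The template contents are shown in comments because .mustache files are not PHP; the plugin name, template names and the parameter name are assumptions. The unsafe variant interpolates the parameter inside a {{#pix}} section; the hardened variant builds the icon in PHP with $OUTPUT->pix_icon() and hands the template only data.

```php
<?php
// Added example, not Moodle core or any real plugin: a hypothetical page
// local/example/view.php in a plugin called local_example.
//
// Unsafe template, local/example/templates/greeting_unsafe.mustache
// (shown as a comment; the file is plain Mustache, not PHP):
//
//     <h2>{{#pix}}i/user, core, {{name}}{{/pix}} Hello, {{name}}</h2>
//
// A section helper such as pix receives the text between its tags, renders
// it and returns HTML. Mustache then renders that return value as template
// source, so a "{{" ... "}}" sequence carried in the value of {{name}} is
// evaluated as a tag instead of being printed.
//
// Hardened template, local/example/templates/greeting_safe.mustache:
//
//     <h2>{{{icon}}} Hello, {{name}}</h2>
//
// The helper never sees user data: the icon is built in PHP and the name is
// an ordinary, HTML-escaped variable, which Mustache does not re-parse.

require_once(__DIR__ . '/../../config.php');

require_login();
$PAGE->set_url(new moodle_url('/local/example/view.php'));
$PAGE->set_context(context_system::instance());

// PARAM_TEXT strips HTML tags but leaves "{{" and "}}" untouched, so it does
// not protect a value that ends up inside a helper's arguments.
$name = optional_param('name', '', PARAM_TEXT);

echo $OUTPUT->header();

// Before (vulnerable pattern, left disabled): user input becomes part of the
// {{#pix}} argument list in greeting_unsafe.mustache.
//
// echo $OUTPUT->render_from_template('local_example/greeting_unsafe', ['name' => $name]);

// After: pix_icon() takes the alt text as a plain PHP string, and the template
// receives finished HTML plus the name as data.
echo $OUTPUT->render_from_template('local_example/greeting_safe', [
    'icon' => $OUTPUT->pix_icon('i/user', $name, 'core'),
    'name' => $name,
]);

echo $OUTPUT->footer();
```

The same result can be had by keeping {{#pix}} in the template with constant arguments only (icon key, component, a fixed alt string) and emitting the user-controlled value as a normal variable outside the section; what matters is that nothing an end user typed becomes part of a helper's argument text.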
CVE-2023-28333 was publicly disclosed on March 23, 2023. Third-party scoring rates the issue as critical, while Moodle's own advisory classed the risk as Minor because core Moodle is not exploitable; there are currently no known public exploits or active campaigns targeting it, and it is not listed in the CISA KEV catalog. The potential for exploitation remains, particularly in environments running custom plugins or integrations that have not been reviewed for user input reaching the pix helper. The lack of a public proof of concept does not diminish the importance of patching.
Exploit Status
EPSS
0.88% (75th percentile)
CVSS Vector
The primary mitigation for CVE-2023-28333 is to upgrade Moodle LMS to 4.1.2, 4.0.7, 3.11.13 or 3.9.20 (or a later release on the same branch). If an immediate upgrade isn't feasible, review all custom plugins and integrations whose templates use the {{#pix}} helper and remove any user-supplied value from the helper's arguments: pass it as an ordinary template variable or build the icon in PHP with pix_icon() instead. Ordinary input cleaning does not help here, because PARAM_TEXT, PARAM_RAW and format_string() leave Mustache delimiters intact. A Web Application Firewall rule that rejects request parameters containing {{ or }} is a stopgap only; it will also block legitimate content that happens to contain braces. Keep third-party plugins up to date and re-check them after the core upgrade. To confirm a plugin is no longer affected, submit a value containing a harmless Mustache tag through its input on a test instance and verify that the braces appear verbatim in the rendered page rather than being evaluated.
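The plugin review above is easier with tooling. The following added script (not part of Moodle) walks a Moodle tree, reads every .mustache file under a templates directory and reports {{#pix}} sections whose argument text contains a variable tag; the script name audit_pix_helper.php and the built-in sample template are constructed for this page. It is a triage aid, not proof of exploitability: a hit only matters if the flagged variable can carry user-supplied text.

```php
<?php
// Added example, not Moodle code: a stand-alone CLI audit that lists {{#pix}}
// sections whose argument text contains a variable tag. The script name
// (audit_pix_helper.php) and the sample template are constructed for this page.
//
//   php audit_pix_helper.php /var/www/moodle   # scan a Moodle tree
//   php audit_pix_helper.php                   # run on the built-in sample

/**
 * Return each {{#pix}}...{{/pix}} section of $template whose arguments
 * interpolate a variable ({{name}}, {{{name}}} or {{&name}}), with its line.
 */
function find_pix_sections_with_variables(string $template): array {
    $findings = [];
    // Non-greedy match on each pix section; /s lets arguments span lines.
    if (!preg_match_all('/\{\{#pix\}\}(.*?)\{\{\/pix\}\}/s', $template, $m, PREG_OFFSET_CAPTURE)) {
        return $findings;
    }
    foreach ($m[1] as [$args, $offset]) {
        // A variable tag starts with anything other than the section (#, ^, /),
        // comment (!) or partial (>) sigils, so a static nested helper such as
        // {{#str}}edit, core{{/str}} is not reported.
        if (preg_match('/\{\{\{?\s*[^#\/!>^{}\s][^{}]*\}?\}\}/', $args)) {
            $findings[] = [
                'line' => substr_count(substr($template, 0, $offset), "\n") + 1,
                'args' => trim($args),
            ];
        }
    }
    return $findings;
}

/**
 * Walk $root and report findings for every .mustache file below a templates/ directory.
 */
function scan_templates(string $root): array {
    $report = [];
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iterator as $file) {
        $path = $file->getPathname();
        if ($file->getExtension() !== 'mustache' || strpos($path, '/templates/') === false) {
            continue;
        }
        foreach (find_pix_sections_with_variables(file_get_contents($path)) as $hit) {
            $report[] = sprintf('%s:%d: {{#pix}}%s{{/pix}}', $path, $hit['line'], $hit['args']);
        }
    }
    return $report;
}

if (PHP_SAPI === 'cli') {
    if (isset($argv[1])) {
        foreach (scan_templates($argv[1]) as $line) {
            echo $line, PHP_EOL;
        }
    } else {
        // Constructed sample: line 1 interpolates a variable inside the helper
        // and is reported; line 2 passes only constants plus a static nested
        // {{#str}} helper and is not.
        $sample = "<h2>{{#pix}}i/user, core, {{name}}{{/pix}} Hello, {{name}}</h2>\n"
            . "{{#pix}}i/edit, core, {{#str}}edit, core{{/str}}{{/pix}}\n";
        print_r(find_pix_sections_with_variables($sample));
    }
}
```

Run it against the Moodle root (or just a plugin directory) and work through the hits: for each one, trace the flagged variable back to the renderer or web service that populates it and decide whether an end user can influence its content.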
Update Moodle to the latest available version. If you are using an older version, update to the most recent version of branch 3.9, 3.11, 4.0, or 4.1 as appropriate. This will resolve the Mustache code injection vulnerability.
CVE-2023-28333 is a Mustache code injection in the pix helper of Moodle LMS (affecting 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12 and 3.9 to 3.9.19), exploitable only where a plugin or integration passes unsanitized user input to the helper; third-party scoring rates it critical, Moodle rated it Minor.
If you are running a Moodle LMS release older than 4.1.2, 4.0.7, 3.11.13 or 3.9.20 on its branch, you are potentially affected. The risk is concrete only if custom plugins or integrations pass user input into the Mustache pix helper.
Upgrade Moodle LMS to the fixed release for your branch (4.1.2, 4.0.7, 3.11.13 or 3.9.20, or later). Review custom plugins and integrations for {{#pix}} sections that interpolate user-supplied values, and move that data out of the helper's arguments.
As of now, there are no known public exploits or active campaigns targeting CVE-2023-28333, but the potential for exploitation remains.
Refer to the official Moodle security advisory for CVE-2023-28333: [https://security.moodle.org/mod/showcontent/content/616](https://security.moodle.org/mod/showcontent/content/616)