Description
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who has both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file inclusion.
Remediation
References
Related Vulnerabilities
OpenVPN AS Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2020-36382)
WordPress Plugin Advanced User Registration and Management Cross-Site Scripting (2.3.5)
ownCloud Incorrect Authorization Vulnerability (CVE-2021-29659)
Internet Information Services Other Vulnerability (CVE-1999-0738)