Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle CVE-2024-34005 Vulnerability (CVE-2024-34005)

Description

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.

Remediation

References

Related Vulnerabilities

WordPress Plugin MainWP Dashboard Cross-Site Scripting (3.1.2)

Oracle JRE CVE-2012-3213 Vulnerability (CVE-2012-3213)

WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.5)

Oracle Application Server Other Vulnerability (CVE-2006-3708)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15735)

Severity

Medium

Classification

CVE-2024-34005 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities