Description

A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.

Remediation

References

CVE-2024-43425

Related Vulnerabilities

Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2018-8004)

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-0792)

PostgreSQL Improper Validation of Specified Type of Input Vulnerability (CVE-2026-2004)

WordPress Plugin Duo Two-Factor Authentication Security Bypass (1.8.1)

WordPress Plugin Contact Form by BestWebSoft Cross-Site Request Forgery (3.82)

Severity

High

Classification

CVE-2024-43425 CWE-94 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities