Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Use of a Key Past its Expiration Date Vulnerability (CVE-2024-38277)

Description

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

Remediation

References

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2004-0837)

PHP Improper Input Validation Vulnerability (CVE-2007-4784)

WordPress Plugin Post to CSV by BestWebSoft CSV Injection (1.4.0)

XWiki Missing Authorization Vulnerability (CVE-2022-31167)

Envoy Proxy Missing Authentication for Critical Function Vulnerability (CVE-2022-29226)

Severity

Medium

Classification

CVE-2024-38277 CWE-324 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities