Moodle User Could Execute Local File Include Attack in Misconfigured Shared Hosting Environment
CVE-2024-34002

Currently unrated

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 31 May 2024

What is CVE-2024-34002?

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include.

References

https://moodle.org/mod/forum/discuss.php?d=458390

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2024

CVE-2024-34002 Data

JSON