Moodle User with Direct Access to Web Server Can Execute Local File Include Attack
CVE-2024-34005

Currently unrated

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 31 May 2024

What is CVE-2024-34005?

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.

References

https://moodle.org/mod/forum/discuss.php?d=458394

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2024

CVE-2024-34005 Data

JSON