CVE-2024-43425

🗓️ 07 Nov 2024 13:21:59Reported by fedoraType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 214 Views🌐 WEB

Flaw in Moodle requires additional restrictions for remote code execution risk in calculated question types

Reporter	Title	Published	Views	Family All 54
GithubExploit	Exploit for Code Injection in Moodle	13 Oct 202502:32	–	githubexploit
GithubExploit	Exploit for Code Injection in Moodle	13 Jul 202504:52	–	githubexploit
GithubExploit	Exploit for Code Injection in Moodle	7 Feb 202519:48	–	githubexploit
GithubExploit	Exploit for Code Injection in Moodle	28 Jun 202508:49	–	githubexploit
Circl	CVE-2024-43425	28 Aug 202409:02	–	circl
CNNVD	Moodle 安全漏洞	7 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-43425 Moodle: remote code execution via calculated question types	7 Nov 202413:21	–	cvelist
Exploit DB	Moodle 4.4.0 - Authenticated Remote Code Execution	2 Jul 202500:00	–	exploitdb
Github Security Blog	Moodle Remote Code Execution vulnerability	7 Nov 202415:31	–	github
Metasploit	Moodle Remote Code Execution (CVE-2024-43425)	6 Dec 202418:58	–	metasploit

NVD

Node

moodle moodleRange<4.1.12

moodle moodleRange4.2.0–4.2.9

moodle moodleRange4.3.0–4.3.6

moodle moodleRange4.4.0–4.4.2

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.1.12",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.2",
        "lessThan": "4.2.9",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.3",
        "lessThan": "4.3.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.4",
        "lessThan": "4.4.2",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://github.com/moodle/moodle",
    "defaultStatus": "unaffected"
  }
]

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

Parameter	Position	Path	Description	CWE
logintoken	request body	login/index.php	Authenticated session establishment via login form which is leveraged in the exploit chain to reach the RCE delivery stages.	CWE-94
username	request body	login/index.php	Authenticated session establishment via login form which is leveraged in the exploit chain to reach the RCE delivery stages.	CWE-94
password	request body	login/index.php	Authenticated session establishment via login form which is leveraged in the exploit chain to reach the RCE delivery stages.	CWE-94
initialcategory	request body	question/bank/editquestion/question.php	Upload of a calculated question containing a potentially malicious payload (RCE) via the calculated question type in Moodle.	CWE-94
reload	request body	question/bank/editquestion/question.php	Upload of a calculated question containing a potentially malicious payload (RCE) via the calculated question type in Moodle.	CWE-94
shuffleanswers	request body	question/bank/editquestion/question.php	Upload of a calculated question containing a potentially malicious payload (RCE) via the calculated question type in Moodle.	CWE-94
answernumbering	request body	question/bank/editquestion/question.php	Upload of a calculated question containing a potentially malicious payload (RCE) via the calculated question type in Moodle.	CWE-94
name	request body	question/bank/editquestion/question.php	Upload of a calculated question containing a potentially malicious payload (RCE) via the calculated question type in Moodle.	CWE-94
questiontext[text]	request body	question/bank/editquestion/question.php	Upload of a calculated question containing a potentially malicious payload (RCE) via the calculated question type in Moodle.	CWE-94
questiontext[format]	request body	question/bank/editquestion/question.php	Upload of a calculated question containing a potentially malicious payload (RCE) via the calculated question type in Moodle.	CWE-94

01 May 2025 16:01Current

8.1High risk

Vulners AI Score8.1

CVSS 3.18.1

EPSS0.88917

SSVC

CWE-94