CVE-2024-43436

🗓️ 07 Nov 2024 13:29:57Reported by fedoraType

A SQL injection risk in XMLDB edito

Reporter	Title	Published	Views	Family All 51
Circl	CVE-2024-43436	7 Nov 202416:05	–	circl
CNNVD	Moodle 安全漏洞	7 Nov 202400:00	–	cnnvd
CNVD	Moodle SQL Injection Vulnerability (CNVD-2024-44850)	13 Nov 202400:00	–	cnvd
Cvelist	CVE-2024-43436 Moodle: site administration sql injection via xmldb editor	7 Nov 202413:29	–	cvelist
EUVD	EUVD-2024-3286	3 Oct 202520:07	–	euvd
Github Security Blog	Moodle vulnerable to site administration SQL injection via XMLDB editor	7 Nov 202415:31	–	github
NVD	CVE-2024-43436	7 Nov 202414:15	–	nvd
OpenVAS	Moodle < 4.1.12, 4.2.x < 4.2.9, 4.3.x < 4.3.6, 4.4.x < 4.4.2 Multiple Vulnerabilities	21 Aug 202400:00	–	openvas
OSV	BIT-MOODLE-2024-43436 Moodle: site administration sql injection via xmldb editor	6 Aug 202505:49	–	osv
OSV	GHSA-MX26-62XM-2P83 Moodle vulnerable to site administration SQL injection via XMLDB editor	7 Nov 202415:31	–	osv

NVD

Node

moodle moodleRange4.1.0–4.1.12

moodle moodleRange4.2.0–4.2.9

moodle moodleRange4.3.0–4.3.6

moodle moodleRange4.4.0–4.4.2

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.1.12",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.2",
        "lessThan": "4.2.9",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.3",
        "lessThan": "4.3.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.4",
        "lessThan": "4.4.2",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://github.com/moodle/moodle",
    "defaultStatus": "unaffected"
  }
]

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

05 Aug 2025 18:34Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.2

EPSS0.00496

SSVC

CWE-89