3 matches found
CVE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
CVE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
CVE-2024-34003
CVE-2024-34003 corresponds to an authenticated local file include (LFI) risk in Moodle in misconfigured shared hosting environments, where a user with access to restore workshop modules and direct access to the web server outside of Moodle can exploit LFI. The connected documents (GHSA/JG4F-8W9X-...