5 matches found
Moodle 4.2.x < 4.2.9 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - An LFI vulnerability when restoring malformed block backups....
Moodle < 4.1.12 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.12, 4.2.x prior to 4.2.9, 4.3.x prior to 4.3.6, or 4.4.x prior to 4.4.2. It is, therefore, affected by multiple vulnerabilities. - An LFI vulnerability when restoring malformed block backups....
CVE-2024-43435 Moodle: can create global glossary without being admin
A flaw was found in Moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary...
CVE-2024-43435
CVE-2024-43435 describes a Moodle vulnerability where, due to insufficient capability checks, users who can restore glossaries in courses can inadvertently restore them into the global site glossary. The issue centers on authorization logic for glossary restoration, enabling an unintended elevati...
CVE-2024-43435 Moodle: can create global glossary without being admin
A flaw was found in Moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary...