BIT-MOODLE-2024-34003 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

Moodle 4.3.x < 4.3.3 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...

CVE-2024-34003

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...