CVE-2024-34005: Moodle Authenticated LFI risk in some misconfigured shared hosting environments
(updated )
In a shared hosting environment that has been misconfigured to allow access to other users’ content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
References
Detect and mitigate CVE-2024-34005 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →