Skip to main content

Moodle CVE-2024-34001

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2024-05-31 patrick@puiterwijk.org
8.4
CVSS 3.1 · Vendor: puiterwijk
Share

Severity by source

Vendor (puiterwijk) PRIMARY
8.4 HIGH
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Primary rating from Vendor (puiterwijk) · only source for this CVE.

CVSS VectorVendor: puiterwijk

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 31, 2024 - 20:15 cve.org
HIGH 8.4

DescriptionCVE.org

Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.

AnalysisAI

Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. Affected products include: Moodle.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

More in Moodle

View all
CVE-2013-3630 MEDIUM POC
4.6 Nov 01

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell

CVE-2021-21809 CRITICAL POC
9.1 Jun 23

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. Rated critical severi

CVE-2024-43425 HIGH POC
8.1 Nov 07

A flaw was found in Moodle. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authenticatio

CVE-2017-2641 CRITICAL POC
9.8 Mar 26

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2025-34031 HIGH POC
7.5 Jun 24

The Moodle LMS Jmol plugin version 6.1 and earlier contains a path traversal vulnerability in jsmol.php. The query param

CVE-2013-4341 MEDIUM POC
4.3 Sep 16

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, an

CVE-2016-9187 HIGH POC
8.8 Nov 04

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remo

CVE-2016-9186 HIGH POC
8.8 Nov 04

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows re

CVE-2018-14630 HIGH POC
8.8 Sep 17

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional re

CVE-2018-1133 HIGH POC
8.8 May 25

An issue was discovered in Moodle 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low a

CVE-2016-7919 HIGH POC
7.5 Oct 28

Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injectio

CVE-2021-47857 HIGH POC
7.2 Jan 21

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows

Share

CVE-2024-34001 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy