
CVE-2024-34004: Moodle Authenticated LFI risk in some misconfigured shared hosting environments

CVSS Score: 6.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.55918%
Published: 5/31/2024
Updated: 6/4/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Package Name  | Ecosystem | Vulnerable Versions | First Patched Version
moodle/moodle | composer  | >= 4.3.0, < 4.3.4   | 4.3.4
moodle/moodle | composer  | >= 4.2.0, < 4.2.7   | 4.2.7
moodle/moodle | composer  | < 4.1.10            | 4.1.10

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability requires manipulation of wiki backup files during restoration. Moodle's wiki restoration code (mod_wiki) handles path definitions in its restore class. The advisory specifically names wiki module restoration as the attack vector, and improper path handling in define_structure() would align with the described LFI scenario when combined with a shared hosting misconfiguration. This is consistent with Moodle's architecture, in which each activity module implements its own backup/restore logic in dedicated class files.


WAF Protection Rules

WAF Rule

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file i
