CVE-2024-43436

A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2304264	Permissions Required
https://moodle.org/mod/forum/discuss.php?d=461206	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

05 Aug 2025, 18:34

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2304264 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2304264 - Permissions Required
References	~~() https://moodle.org/mod/forum/discuss.php?d=461206 -~~	() https://moodle.org/mod/forum/discuss.php?d=461206 - Vendor Advisory
CPE		cpe:2.3:a:moodle:moodle::::::::
First Time		Moodle Moodle moodle

08 Nov 2024, 19:01

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla de riesgo de inyección SQL en la herramienta de edición XMLDB disponible para los administradores del sitio.

07 Nov 2024, 16:35

Type	Values Removed	Values Added
CWE		CWE-89

07 Nov 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-07 14:15

Updated : 2025-08-05 18:34

NVD link : CVE-2024-43436

Mitre link : CVE-2024-43436

CVE.ORG link : CVE-2024-43436

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-43436", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-11-07T14:15:16.247", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304264", "tags": ["Permissions Required"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=461206", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de riesgo de inyecci\u00f3n SQL en la herramienta de edici\u00f3n XMLDB disponible para los administradores del sitio."}], "lastModified": "2025-08-05T18:34:51.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C7D59EF-3215-477B-8056-B3954A4064D0", "versionEndExcluding": "4.1.12", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8D123FB-556C-4602-91CB-ABE6541079F3", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA8C381-9493-42BD-A5EA-7AADFAB68C5E", "versionEndExcluding": "4.3.6", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277E1058-2F00-45DB-8BFC-2628CCC89981", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}