Known Vulnerabilities
CVE-2024-34005
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
MEDIUM
CVSS 6.5
Published May 31, 2024
CVE-2024-33996
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
MEDIUM
CVSS 6.2
Published May 31, 2024