CVE-2024-34001

8.4 HIGH

📋 TL;DR

This CVE describes a Cross-Site Request Forgery (CSRF) weakness in Moodle's admin presets tool: state-changing actions in the tool did not require Moodle's anti-CSRF token (the sesskey). An attacker who lures a logged-in administrator to a crafted page can make the administrator's browser submit a request that applies, imports or deletes an admin preset, changing site-wide settings without the administrator's knowledge. Any Moodle release that ships the tool and predates the fix is affected.

💻 Affected Systems

Products:
  • Moodle
Versions: Specific versions not provided in reference; check Moodle security advisories
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The attacker needs no account on the site; the victim must be a logged-in administrator who visits an attacker-controlled page or link. Only the admin presets tool's actions are affected.

📦 What is this software?

Moodle is a widely deployed open-source learning management system (LMS) written in PHP. The admin presets tool (tool_admin_presets) lets site administrators export, import and apply bundles of site-wide settings, so its actions change configuration for the whole site.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Site-wide configuration replaced by an attacker-chosen preset (for example, weakened authentication or security settings that open the way to further compromise), or presets deleted, leading to service disruption.

🟠

Likely Case

Unauthorized changes to site settings, user management, or course configurations by tricking administrators.

🟢

If Mitigated

Limited impact once the patched release is installed; same-origin checks at the proxy, short administrator sessions and administrator awareness reduce exposure until then.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs no account on the site, but it does need an administrator with an active Moodle session to open an attacker-controlled page or link; the browser then submits the forged request with the administrator's session cookie attached.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Moodle security releases for specific version

Vendor Advisory: https://moodle.org/mod/forum/discuss.php?d=458389

Restart Required: No

Instructions:

1. Check the Moodle security advisory for the patched version of your release branch.
2. Back up the Moodle code, the database and the moodledata directory.
3. Update to the patched version via Moodle's update mechanism or a manual upgrade, then run the upgrade (Site administration > Notifications, or admin/cli/upgrade.php).
4. Verify the fix: state-changing actions in the admin presets tool should now carry a sesskey and be rejected without one.

🔧 Temporary Workarounds

Temporary CSRF Protection

all

At the reverse proxy or web server, reject requests to the admin presets tool paths (/admin/tool/admin_presets/) whose Origin or Referer header does not match the site's own origin, or block those paths entirely if presets are not used. This is a stop-gap, not a replacement for the patch: browsers and privacy extensions sometimes omit Referer, and a header check does not cover every action the tool exposes.

🧯 If You Can't Patch

  • Restrict the admin presets tool paths to trusted networks only (VPN or allow-listed administrator IPs)
  • Keep administrator sessions short, have administrators use a separate browser profile for site administration, and brief them that links opened while logged in can trigger admin actions
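The following is an added example, not Moodle's code or anything from the advisory. It models the weakness and the two countermeasures described above in a standalone Python handler: the vulnerable pattern (the session cookie is the only check), the fix (a per-session anti-CSRF token, which is what Moodle's sesskey is, carried on a POST), and the Origin/Referer check a reverse proxy can apply as a stop-gap. The class names, the /admin/tool/admin_presets/index.php path and the `action`/`id`/`sesskey` parameters are illustrative assumptions about the request shape.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://moodle.example.org"  # assumed deployment origin


@dataclass
class Session:
    """Server-side session resolved from the browser's cookie."""
    user: str
    is_admin: bool
    # Random per-session anti-CSRF token (the role Moodle's sesskey plays).
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    path: str
    params: dict   # merged query/form parameters
    headers: dict  # Origin / Referer as sent by the browser
    session: Session


def delete_preset(presets: dict, preset_id: int) -> bool:
    """The privileged action the attacker wants performed."""
    return presets.pop(preset_id, None) is not None


def handle_vulnerable(req: Request, presets: dict) -> str:
    """Pre-fix pattern: being an admin (cookie) is the only check, so any page
    the admin visits can trigger the action through the admin's browser."""
    if not req.session.is_admin:
        return "403 forbidden"
    if req.params.get("action") == "delete":
        delete_preset(presets, int(req.params["id"]))
        return "200 deleted"
    return "400 unknown action"


def origin_allowed(headers: dict) -> bool:
    """Stop-gap a reverse proxy can apply: refuse unless Origin (or Referer)
    is our own site. Absent header = cannot prove same-origin = refuse."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    u = urlsplit(src)
    return f"{u.scheme}://{u.netloc}" == SITE_ORIGIN


def handle_fixed(req: Request, presets: dict) -> str:
    """Post-fix pattern: the action must be a POST carrying the session's
    anti-CSRF token, which an attacker's page cannot read."""
    if not req.session.is_admin:
        return "403 forbidden"
    if req.method != "POST":
        return "405 state change must be POST"
    if not origin_allowed(req.headers):
        return "403 cross-origin request"
    token = req.params.get("sesskey", "")
    # Constant-time comparison so timing does not leak the token.
    if not hmac.compare_digest(token.encode(), req.session.csrf_token.encode()):
        return "403 bad or missing anti-CSRF token"
    if req.params.get("action") == "delete":
        delete_preset(presets, int(req.params["id"]))
        return "200 deleted"
    return "400 unknown action"


def forged_request(admin: Session) -> Request:
    """What an attacker page can make the admin's browser send: the cookie is
    attached automatically, Origin is the attacker's, and no token is known."""
    return Request("POST", "/admin/tool/admin_presets/index.php",
                   {"action": "delete", "id": "3"},
                   {"Origin": "https://attacker.example"}, admin)


def legitimate_request(admin: Session) -> Request:
    """The same action submitted from the tool's own page, token included."""
    return Request("POST", "/admin/tool/admin_presets/index.php",
                   {"action": "delete", "id": "3", "sesskey": admin.csrf_token},
                   {"Origin": SITE_ORIGIN}, admin)


def demo() -> dict:
    """Run the forged request against both handlers and report the outcomes."""
    admin = Session("admin", True)
    out = {}
    presets = {3: "Starter preset"}
    out["vulnerable_forged"] = handle_vulnerable(forged_request(admin), presets)
    out["vulnerable_presets_left"] = len(presets)
    presets = {3: "Starter preset"}
    out["fixed_forged"] = handle_fixed(forged_request(admin), presets)
    out["fixed_presets_left"] = len(presets)
    out["fixed_legitimate"] = handle_fixed(legitimate_request(admin), presets)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The forged request succeeds against the vulnerable handler because the browser attaches the administrator's cookie automatically; against the fixed handler it fails on the origin check, and a same-origin request without the token fails on the token check, which is the layer the patch adds. Requiring POST matters for a second reason: a token in a GET URL ends up in access logs and Referer headers.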

🔍 How to Verify

Check if Vulnerable:

Compare your release against the fixed versions listed in the Moodle security advisory. Functionally, as an administrator, open the admin presets tool and inspect a state-changing action's link or form: if it carries no sesskey parameter, or if replaying the request without the sesskey still succeeds, the instance is vulnerable.

Check Version:

Check the Moodle version via Site administration > Notifications, or read the $release string in version.php at the Moodle root.

Verify Fix Applied:

After patching, verify that admin presets tool actions now carry a sesskey and that the same request replayed without it (or with a stale one) is rejected with a sesskey error rather than executed.

📡 Detection & Monitoring

Log Indicators:

  • Requests to the admin presets tool paths (/admin/tool/admin_presets/) with a state-changing action from an administrator's session at an unusual time, source IP or user agent
  • Repeated Moodle sesskey validation failures on those paths after patching, which indicate forged or replayed requests being rejected

Network Indicators:

  • Requests to the admin presets endpoints whose Referer or Origin is missing or names another site, or GET requests carrying an action parameter but no sesskey

SIEM Query:

Search for GET or POST requests to /admin/tool/admin_presets/* with an action parameter where the Referer/Origin host is not the site host, or (for GET, where the query string is visible in the log) where no sesskey parameter is present; pivot on the source IP, session and user agent to confirm.
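The following detection logic is an added example, not part of the advisory or any vendor tooling. It parses web server access logs in the Apache/nginx combined format and flags requests to the admin presets tool that look forged: a GET with a state-changing action but no sesskey in the query string, or any state-changing request whose Referer is missing or from another host. The site host, the plugin path and the set of action names are assumptions; the log lines are constructed for the example. Access logs only show query strings, so for POSTs the sesskey (normally a form field) cannot be checked this way, and the Referer heuristic is used instead.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "moodle.example.org"                 # assumed site host
PRESETS_PATH = "/admin/tool/admin_presets/"      # plugin directory in Moodle core
STATE_CHANGING = {"delete", "load", "rollback", "import"}  # assumed action values

# Combined log format: ip ident user [ts] "method target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic, not real logs. Lines 3 and 4 are the forged ones;
# line 2 is a legitimate delete from the tool's own page, line 5 is unrelated.
SAMPLE_LOG = """\
203.0.113.5 - - [12/May/2024:10:01:02 +0000] "GET /admin/tool/admin_presets/index.php HTTP/1.1" 200 4321 "https://moodle.example.org/admin/search.php" "Mozilla/5.0"
203.0.113.5 - - [12/May/2024:10:01:30 +0000] "POST /admin/tool/admin_presets/index.php?action=delete&id=3&sesskey=AbC123 HTTP/1.1" 303 0 "https://moodle.example.org/admin/tool/admin_presets/index.php" "Mozilla/5.0"
203.0.113.5 - - [12/May/2024:10:07:44 +0000] "GET /admin/tool/admin_presets/index.php?action=delete&id=3 HTTP/1.1" 200 512 "https://evil.example/win.html" "Mozilla/5.0"
203.0.113.5 - - [12/May/2024:10:07:45 +0000] "POST /admin/tool/admin_presets/index.php?action=load&id=2&mode=execute HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.9 - - [12/May/2024:10:09:00 +0000] "GET /course/view.php?id=2 HTTP/1.1" 200 9876 "https://evil.example/" "Mozilla/5.0"
"""


def parse_line(line: str):
    """Return the combined-log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def assess(entry: dict):
    """Return a finding for a suspicious admin-presets request, else None."""
    u = urlsplit(entry["target"])
    if not u.path.startswith(PRESETS_PATH):
        return None
    q = parse_qs(u.query)
    action = q.get("action", [None])[0]
    if action not in STATE_CHANGING:
        return None
    reasons = []
    # Only GET puts the token in the URL; a POST body is not in the access log.
    if entry["method"] == "GET" and "sesskey" not in q:
        reasons.append("missing sesskey")
    ref = entry["referer"]
    if ref in ("", "-"):
        reasons.append("no referer")
    elif urlsplit(ref).hostname != SITE_HOST:
        reasons.append("cross-origin referer")
    if not reasons:
        return None
    return {
        "ts": entry["ts"], "ip": entry["ip"], "method": entry["method"],
        "action": action, "status": int(entry["status"]), "reasons": reasons,
        # A patched site should answer such requests with 3xx/4xx; 200 suggests the action ran.
        "likely_succeeded": entry["status"] == "200",
    }


def scan(log_text: str) -> list:
    """Run assess() over every parseable line and return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            finding = assess(entry)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Treat "no referer" on its own as low confidence, since privacy settings and some proxies strip the header; "missing sesskey" on a GET and a Referer from a foreign host are the strong signals, and a 200 response to either on an unpatched site means the setting change most likely happened and the site configuration should be reviewed.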

🔗 References
