Lucene search
HistoryFeb 19, 2024 - 5:15 p.m.
CVE-2024-25979
cve-2024-25979
url parameters
forum
nvd
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
The URL parameters accepted by forum search were not limited to the allowed parameters.
CNA Affected
[
{
"versions": [
{
"status": "affected",
"version": "4.3.0",
"lessThan": "4.3.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.2.0",
"lessThan": "4.2.6",
"versionType": "semver"
},
{
"status": "affected",
"version": "0",
"lessThan": "4.1.9",
"versionType": "semver"
}
],
"packageName": "moodle",
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected"
}
]Related
ubuntucve
ubuntucve
CVE-2024-25979
2024-02-19 00:00:00
prion
prion
Code injection
2024-02-19 17:15:00
github
github
Improper Handling of Parameters in moodle
2024-02-19 18:31:32
veracode
veracode
Improper Input Validation
2024-04-03 19:26:23
nvd
nvd
CVE-2024-25979
2024-02-19 17:15:08
cvelist
cvelist
osv
osv
BIT-moodle-2024-25979
2024-03-31 18:22:42
Improper Handling of Parameters in moodle
2024-02-19 18:31:32
openvas
openvas
Fedora: Security Advisory for moodle (FEDORA-2024-d2f180202f)
2024-03-01 00:00:00
Moodle 4.1.x < 4.1.9, 4.2.x < 4.2.5, 4.3.x < 4.3.3 Multiple Vulnerabilities
2024-02-20 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: moodle-4.1.9-1.fc38
2024-02-29 02:00:34
nessus
nessus
Fedora 38 : moodle (2024-d2f180202f)
2024-02-29 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
Related for CVE-2024-25979