4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.007 Low
EPSS
Percentile
80.2%
Moodle 3.x has Server Side Request Forgery in the filepicker.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | lt | 3.4.1 | |
moodle/moodle | le | 3.1.9 | |
moodle/moodle | le | 3.2.6 | |
moodle/moodle | le | 3.3.3 |
packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html
github.com/advisories/GHSA-qqjv-mc2v-p7mc
github.com/moodle/moodle/commit/f1d1a60e0ac8549c08e66062f3cd0110e4a92e24
moodle.org/mod/forum/discuss.php?d=364381
nvd.nist.gov/vuln/detail/CVE-2018-1042
web.archive.org/web/20210124134113/www.securityfocus.com/bid/102752
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.007 Low
EPSS
Percentile
80.2%