GitHub Advisory Database: GHSA-R2WX-46GP-RP3H
May 31, 2024 - 9:30 p.m.

Moodle Improper Input Validation

2024-05-31 21:30:53
CWE-20
GitHub Advisory Database (github.com)
Tags: moodle, input validation, unsafe usage, http_referer, mfa, sanitizing, software

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php. The referrer URL used by MFA required additional sanitizing, rather than being used directly.

Affected configurations

Vulners
Node: moodle moodle, Range: <4.3.4

CPE Name Operator Version
moodle/moodle lt 4.3.4
