Moodle 3.x has Server Side Request Forgery in the filepicker.
packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html
github.com/moodle/moodle/commit/f1d1a60e0ac8549c08e66062f3cd0110e4a92e24
moodle.org/mod/forum/discuss.php?d=364381
nvd.nist.gov/vuln/detail/CVE-2018-1042
web.archive.org/web/20210124134113/www.securityfocus.com/bid/102752