Unsafe direct use of $_SERVER[‘HTTP_REFERER’] in admin/tool/mfa/index.php. The referrer URL used by MFA required additional sanitizing, rather than being used directly.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | eq | 4.3.3 | |
moodle/moodle | eq | 4.3.1 | |
moodle/moodle | eq | 4.3.2 | |
moodle/moodle | eq | 4.3.0 |