Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-VJXX-54VW-Q59F
HistoryMay 14, 2022 - 1:17 a.m.

Moodle SSRF Vulnerability

2022-05-1401:17:52
Google
osv.dev
10
moodle
ssrf
vulnerability
edit_blog.php
rss feed
ssrf attack
firewall
ip filtering
blind vulnerability
time based attack

EPSS

0.001

Percentile

42.8%

JSON

The edit_blog.php script allows a registered user to add external RSS feed resources. It was identified that this feature could be abused to be used as a SSRF attack vector by adding a malicious URL/TCP PORT in order to target internal network or an internet hosted server, bypassing firewall rules, IP filtering and more.

This kind of vulnerability is then called β€œblind” because of no response available on Moodle web site, enforcing attacker to exploit it using a β€œtime based” approach.

Related

prion 1
cvelist 1
cve 1
openvas 1
github 1
osv 1
ubuntucve 1
nvd 1
veracode 1
prion
prion
Server side request forgery (ssrf)
2019-03-21 16:01:00
cvelist
cvelist
CVE-2019-6970
2019-03-18 20:28:37
cve
cve
CVE-2019-6970
2019-03-21 16:01:10
openvas
openvas
Moodle CMS 3.5.x <= 3.5.3 SSRF vulnerability.
2019-04-02 00:00:00
github
github
Moodle SSRF Vulnerability
2022-05-14 01:17:52
osv
osv
CVE-2019-6970
2019-03-21 16:01:10
ubuntucve
ubuntucve
CVE-2019-6970
2019-03-21 00:00:00
nvd
nvd
CVE-2019-6970
2019-03-21 16:01:10
veracode
veracode
Server-Side Request Forgery (SSRF)
2019-03-22 03:23:24

EPSS

0.001

Percentile

42.8%

JSON
Related for OSV:GHSA-VJXX-54VW-Q59F
prion1cvelist1cve1openvas1github1osv1ubuntucve1nvd1veracode1