CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
40.5%
A vulnerability in the Moodle virtual learning environment is related to insufficient validation of user input data.
data, an attacker could send a specially crafted HTTP request and make the application
initiate requests to arbitrary systems. Exploitation of the vulnerability could allow an attacker,
remotely access sensitive data located on a local network, or
send malicious requests to other servers from a vulnerable system.
A vulnerability in the Moodle virtual learning environment is related to insufficient cleansing of data submitted by
by users on the groups page. Exploitation of the vulnerability could allow an attacker acting
remotely to steal potentially sensitive information, modify the appearance of a web page, perform
phishing and disk loading attacks.
The vulnerability in the Moodle virtual learning environment is related to insufficient cleansing of user-provided
user-supplied data on the Mnet SSO access control page. Exploitation of the vulnerability could allow
an attacker acting remotely to read, delete, modify data in the database and gain full
control over the vulnerable application.