Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-1920

Malicious code in bioql PyPI...

7.5CVSS5.6AI score0.00825EPSS
Exploits0References11
Prion
Prion
added 2023/06/22 9:15 p.m.29 views

Server side request forgery (ssrf)

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...

5CVSS7.3AI score0.00825EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/22 12:0 a.m.37 views

CVE-2023-35133 Moodle: ssrf risk due to insufficient check on the curl blocked hosts

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...

7.5CVSS6.5AI score0.00825EPSS
Exploits0References4
Veracode
Veracode
added 2023/03/14 2:15 a.m.32 views

Server-side Request Forgery (SSRF)

moodle/moodle is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists due to insufficient redirect handling in the urlisblocked function of curlsecurityhelper.php, which allows an attacker to bypass cURL-blocked hosts or port restrictions...

7.5CVSS7.6AI score0.01427EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2023/03/06 9:15 p.m.40 views

CVE-2021-36396

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk...

7.5CVSS7.7AI score
Exploits0References1
Prion
Prion
added 2023/03/06 9:15 p.m.25 views

Server side request forgery (ssrf)

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk...

5CVSS7.4AI score0.01427EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/08 12:0 a.m.9 views

PT-2023-25158 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.9 to 3.9.21 Moodle versions 3.11 to 3.11.14 Moodle versions 4.0 to 4.0.8 Moodle versions 4.1 to 4.1.3 Moodle version 4.2 Description: The issue is related to the logic used to check 0.0.0.0 against the cURL blocked hosts...

9.8CVSS6.3AI score0.49102EPSS
Exploits11References90
OpenVAS
OpenVAS
added 2018/05/09 12:0 a.m.23 views

Moodle 3.x Bypass Vulnerability (Jan 2018) - Windows

Setting for blocked hosts list can be bypassed with multiple A record hostnames. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.5AI score0.01326EPSS
Exploits0References2
Rows per page
Query Builder