8 matches found
EUVD-2023-1920
Malicious code in bioql PyPI...
Server side request forgery (ssrf)
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...
CVE-2023-35133 Moodle: ssrf risk due to insufficient check on the curl blocked hosts
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions...
Server-side Request Forgery (SSRF)
moodle/moodle is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists due to insufficient redirect handling in the urlisblocked function of curlsecurityhelper.php, which allows an attacker to bypass cURL-blocked hosts or port restrictions...
CVE-2021-36396
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk...
Server side request forgery (ssrf)
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk...
PT-2023-25158 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.9 to 3.9.21 Moodle versions 3.11 to 3.11.14 Moodle versions 4.0 to 4.0.8 Moodle versions 4.1 to 4.1.3 Moodle version 4.2 Description: The issue is related to the logic used to check 0.0.0.0 against the cURL blocked hosts...
Moodle 3.x Bypass Vulnerability (Jan 2018) - Windows
Setting for blocked hosts list can be bypassed with multiple A record hostnames. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...