Lucene search
K

6 matches found

OSV
OSV
added 2024/03/06 11:1 a.m.24 views

BIT-MOODLE-2022-45152

A blind Server-Side Request Forgery SSRF vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...

9.1CVSS9AI score0.01352EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.45 views

Moodle 4.0.x < 4.0.5 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

9.1CVSS6.2AI score0.01352EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.42 views

Moodle 3.11.x < 3.11.11 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

9.1CVSS6.2AI score0.01352EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.56 views

Moodle 3.9.x < 3.9.18 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

9.1CVSS6.2AI score0.01352EPSS
Exploits0References8
CVE
CVE
added 2022/11/25 12:0 a.m.127 views

CVE-2022-45152

CVE-2022-45152 corresponds to a blind Server-Side Request Forgery (SSRF) in Moodle. The issue arises from insufficient validation of user-supplied input in the LTI provider library, which does not use Moodle’s inbuilt cURL helper, enabling an attacker to craft requests that force the application ...

9.1CVSS8.9AI score0.01352EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.7 views

CVE-2022-45152

A blind Server-Side Request Forgery SSRF vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...

9.1AI score0.01352EPSS
Exploits0References6
Rows per page
Query Builder