2 matches found
Open Redirect
moodle is vulnerable to open redirects. The vulnerability exists as the value of returnto does not check that the URL leads to a non local URL, and thus can be used for open redirects...
php session ID leakage
The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...