moodle is vulnerable to server-side request forgery (SSRF) attacks. A malicious user can pass an arbitrary URL to the filepicker AJAX to retrieve and view any URL through it.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 3.1.9 | |
moodle/moodle | le | 3.3.3 | |
moodle/moodle | le | 3.2.6 | |
moodle/moodle | le | 3.4.0 |