CVE-2014-9060

Опубликовано: 24 нояб. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 2.4.11 (включая)

cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00388

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2014-9060

ubuntu

почти 11 лет назад

CVE-2014-9060

debian

почти 11 лет назад

The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x bef ...

GHSA-c87j-9rrq-h3j8

github

больше 3 лет назад

Moodle allows attackers to trigger the generation of arbitrary messages

EPSS

Процентиль: 59%

0.00388

Низкий

5 Medium

CVSS2

Дефекты

CWE-20