A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH ...

Moodle authorization headers preserved between "emulated redirects"

Уязвимость виртуальной обучающей среды Moodle, связанная раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Множественные уязвимости moodle