Количество 6
Количество 6
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in ...
GHSA-xqcf-vgqc-pcmg
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
BDU:2022-07408
Уязвимость системы управления курсами Moodle, связанная с недостаточной проверкой введенных пользователем данных в библиотеке поставщика LTI, позволяющая нарушителю выполнять SSRF-атаки
ROS-20221222-03
Множественные уязвимости moodle
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
 | CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
| CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in ... | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
| GHSA-xqcf-vgqc-pcmg Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
 | BDU:2022-07408 Уязвимость системы управления курсами Moodle, связанная с недостаточной проверкой введенных пользователем данных в библиотеке поставщика LTI, позволяющая нарушителю выполнять SSRF-атаки | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
 | ROS-20221222-03 Множественные уязвимости moodle | CVSS3: 9.1 | почти 3 года назад |
Уязвимостей на страницу