Moodle – Open Redirect

Description

During the scan, Cytrix found an Open Redirect vulnerability in the Moodle platform.
An Open Redirect arises whenever an application takes user-supplied input and uses it to redirect the user.
It occurs when a web application accepts untrusted or unvalidated input and, as a result, redirects the request to a URL contained in that input.

An attacker could supply a URL to the application that causes a redirect to a malicious external domain. This vulnerability can be used to perform successful phishing attacks and more.
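As an illustration of the validation whose absence causes this class of issue (CWE-601), the following added example checks a redirect parameter before it is used. It is not Moodle's code and not part of the original advisory; the host name `lms.example.edu`, the fallback `/` and the function name are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed values for this example: the site's own host and fallback page.
ALLOWED_HOSTS = frozenset({"lms.example.edu"})
DEFAULT_TARGET = "/"


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return raw if it is a same-site rooted path or an allow-listed
    https URL; otherwise return the default landing page."""
    if not isinstance(raw, str) or not raw or raw != raw.strip():
        return default
    # Browsers drop tabs/newlines and read "\" as "/", so a value containing
    # them can parse differently here than in the browser. Refuse it outright.
    if "\\" in raw or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return default
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: only a single leading slash stays on this
        # origin. "//host" and "///host" resolve to another host in browsers.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return default
    # Absolute URL: https only, exact host match, no userinfo component.
    if parts.scheme != "https" or parts.username is not None:
        return default
    if host is None or host not in allowed_hosts:
        return default
    return raw


if __name__ == "__main__":
    # Constructed sample values of a redirect parameter.
    for value in ("/course/view.php?id=2", "https://lms.example.edu/my/",
                  "https://attacker.example/login", "//attacker.example/",
                  "https://lms.example.edu@attacker.example/"):
        print(f"{value!r:50} -> {safe_redirect_target(value)!r}")
```
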

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

Update to the latest version released by Moodle (see the upgrade guide under References).

References

https://docs.moodle.org/400/en/Upgrading

https://cwe.mitre.org/data/definitions/601.html
