PT-2018-10119 · Moodle · Moodle
Brendan Cox
·
Publicado
2018-04-04
·
Atualizado
2022-05-13
·
CVE-2018-1081
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.1 through 3.1.10
Moodle versions 3.2 through 3.2.7
Moodle versions 3.3 through 3.3.4
Moodle versions 3.4 through 3.4.1
Description
A flaw was found that allows unauthenticated users to trigger custom messages to admins via the paypal enrol script. The paypal IPN callback script fails to verify the request origin before sending error emails to admins, which can lead to admin email spamming.
Recommendations
For Moodle versions 3.1 through 3.1.10, update the paypal IPN callback script to verify the request origin before sending error emails to admins.
For Moodle versions 3.2 through 3.2.7, update the paypal IPN callback script to verify the request origin before sending error emails to admins.
For Moodle versions 3.3 through 3.3.4, update the paypal IPN callback script to verify the request origin before sending error emails to admins.
For Moodle versions 3.4 through 3.4.1, update the paypal IPN callback script to verify the request origin before sending error emails to admins.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Moodle