Holmec

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** A blind Server-Side Request Forgery (SSRF) vulnerability was found due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilize Moodle's inbuilt cURL helper, resulting in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This allows a remote attacker to perform SSRF attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.