PT-2015-1574 · Moodle · Moodle
Dingjie Yang
·
Published
2015-05-18
·
Updated
2022-05-13
·
CVE-2015-3175
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.5.9 and earlier
Moodle versions 2.6.x before 2.6.11
Moodle versions 2.7.x before 2.7.8
Moodle versions 2.8.x before 2.8.6
Description
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header. This can be exploited by a remote attacker to perform phishing attacks by redirecting users to malicious websites.
Recommendations
For Moodle versions 2.5.9 and earlier, update to version 2.6.11 or later.
For Moodle versions 2.6.x before 2.6.11, update to version 2.6.11 or later.
For Moodle versions 2.7.x before 2.7.8, update to version 2.7.8 or later.
For Moodle versions 2.8.x before 2.8.6, update to version 2.8.6 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle