PT-2016-1288 · Moodle · Moodle
Published
2015-08-03
·
Updated
2022-05-13
·
CVE-2015-3272
CVSS v3.1
7.4
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.6.11 and earlier
Moodle versions 2.7.x before 2.7.9
Moodle versions 2.8.x before 2.8.7
Moodle versions 2.9.x before 2.9.1
Description
The issue is related to an open redirect vulnerability in the
clean param function. This vulnerability allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.Recommendations
For Moodle versions 2.6.11 and earlier, update to a version later than 2.6.11.
For Moodle versions 2.7.x before 2.7.9, update to version 2.7.9 or later.
For Moodle versions 2.8.x before 2.8.7, update to version 2.8.7 or later.
For Moodle versions 2.9.x before 2.9.1, update to version 2.9.1 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle