CVE-2019-6970

Name of the Vulnerable Software and Affected Versions Moodle versions 3.5.x through 3.5.3

Description The issue allows for a Server-Side Request Forgery (SSRF) attack. A registered user can exploit the edit blog.php script by adding a malicious URL or TCP port to target internal networks or internet-hosted servers, bypassing firewall rules and IP filtering. This is a "blind" vulnerability, as there is no response available on the Moodle website, requiring attackers to use a "time-based" approach to exploit it.

Recommendations For Moodle versions 3.5.x through 3.5.3, update to version 3.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the edit blog.php script to minimize the risk of exploitation. Avoid using the edit blog.php script to add external RSS feed resources until the issue is resolved.