Vulnerability Details : CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
Vulnerability category: Server-side request forgery (SSRF)
Exploit prediction scoring system (EPSS) score for CVE-2022-45152
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less