A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Max CVSS
8.8
EPSS Score
0.41%
Published
2019-07-31
Updated
2023-02-02
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.
Max CVSS
10.0
EPSS Score
0.14%
Published
2019-03-25
Updated
2019-10-09
2 vulnerabilities found