Moodle – Open Redirect

Home » Blog » Moodle – Open Redirect

Description

During the scan, Kayran managed to find an Open Redirect vulnerability inside the Moodle platform.
Open Redirect rises whenever you have input which you then use, in order to redirect the user.
Open Redirection Vulnerability happens when a web application accepts an untrusted\unvalidated input. That could cause the web application to redirect the request to a URL contained within the untrusted input.

An attacker could write a new URL within the application that causes a redirect to malicious, external domains. This vulnerability can be used to perform successful phishing attacks and more.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

Update to the latest version released by Moodle.

(link below)

References

https://docs.moodle.org/400/en/Upgrading

https://cwe.mitre.org/data/definitions/601.html

< Return to all Vulnerabilities

Adwares – A Dangerous Distraction

Adwares pose A Dangerous Distraction.What is an Adware? Why should we care? Why are adwares considered Malicious? How do we get rid of them? In

PT- Pentest – Penetration Testing

There’s no way you’ve had a working internet connection in the last year and you haven’t seen or heard the terms PT, Pentest or Penetration

The least choking snake – Python

Nice title does it? No but seriously, tell it to my boss. but seriously-Seriously, in this article we are gonna talk about Python, and no,

The best or the worst? – Pros and Cons in WordPress…

It’s no secret that today WordPress is the most popular content management system on the Internet, and probably the most common one for the use

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

WEB APPLICATION VULNERABILITY SCANNER

Links

registered user?