Description
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Chameleon CSS SQL Injection (1.2)
Oracle Database Server Resource Management Errors Vulnerability (CVE-2007-5506)
Liferay Portal Incorrect Authorization Vulnerability (CVE-2021-33335)
PHP CVE-2004-0542 Vulnerability (CVE-2004-0542)
WordPress Plugin Calendar Event Multi View Multiple Vulnerabilities (1.1.4)