Description
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. The flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not use Moodle's inbuilt cURL helper, which results in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
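The kind of destination check that a central outbound-request helper can enforce, and that a library making its own HTTP calls skips, is sketched below as an added example; it is not Moodle's code. The allowed schemes and ports, the function names and the `SAMPLE_DNS` table are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumed policy for this example
ALLOWED_PORTS = {80, 443}             # assumed policy for this example
# Constructed name-to-address table so the example runs offline.
SAMPLE_DNS = {"tool.example": ["93.184.216.34"],
              "intranet.example": ["10.0.0.5"],
              "mixed.example": ["93.184.216.34", "127.0.0.1"]}

def sample_resolver(host):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

def dns_resolver(host):
    """Every address the name resolves to, via the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_destination(url, resolver=dns_resolver):
    """Return (allowed, reason) for a server-side fetch of url."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "no host"
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]   # literal IP in the URL
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
        except (OSError, ValueError):
            return False, "host does not resolve"
    # Reject if ANY address is loopback, private, link-local or otherwise non-public.
    blocked = [str(a) for a in addrs if not a.is_global]
    if blocked or not addrs:
        return False, "non-public address: " + ", ".join(blocked)
    return True, "ok"

if __name__ == "__main__":
    for u in ("https://tool.example/launch", "http://169.254.169.254/",
              "http://mixed.example/", "https://tool.example:8443/"):
        print(u, check_destination(u, sample_resolver))
```

The fetch has to connect to the same address that was checked, and every redirect target needs the same check; otherwise a name that resolves differently on the second lookup, or a 3xx response, can still reach an internal host.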
Remediation
References