Description
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in a server-side request forgery (SSRF) risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
Remediation
References