Description
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.
Remediation
References
Related Vulnerabilities
Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-1854)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6403)
WordPress Plugin SP Project & Document Manager Unspecified Vulnerability (2.5.7.3)
MongoDb Use of Uninitialized Resource Vulnerability (CVE-2024-8654)