Description
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.
Remediation
References
Related Vulnerabilities
PostgreSQL Other Vulnerability (CVE-2002-1398)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9481)
WordPress Plugin WooCommerce Upload My File Cross-Site Request Forgery (0.3.9)
MySQL CVE-2015-4815 Vulnerability (CVE-2015-4815)
Oracle Application Server Other Vulnerability (CVE-2002-0569)