Description
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. The flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
Remediation
References