Description
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. The flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
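The kind of destination check a central outbound-request helper applies before fetching a user-supplied URL, as an added Python example (not Moodle's code and not part of the original advisory). The allowed schemes and ports, the function names and the sample DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumed policy: web schemes only
ALLOWED_PORTS = {80, 443}                   # assumed policy: standard web ports
# Constructed name-to-address table so the example runs offline.
SAMPLE_DNS = {
    "tool.example.org": {"93.184.216.34"},
    "linklocal.example.org": {"169.254.169.254"},
    "mixed.example.org": {"93.184.216.34", "10.0.0.5"},
}

def sample_resolver(host):
    return SAMPLE_DNS[host]  # KeyError for names missing from the table

def system_resolver(host):  # OS resolver, for use outside the offline demo
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}

def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    ip = getattr(ip, "ipv4_mapped", None) or ip       # unwrap ::ffff:a.b.c.d
    return (ip.is_private or ip.is_loopback or ip.is_link_local or
            ip.is_multicast or ip.is_reserved or ip.is_unspecified or
            not ip.is_global)

def check_outbound_url(url, resolver=sample_resolver):
    """Return (allowed, reason, vetted_ips); call before any server-side fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or huge port
    except ValueError:
        return False, "malformed URL", set()
    if parts.scheme not in DEFAULT_PORTS:
        return False, "scheme not allowed", set()
    if not parts.hostname:
        return False, "missing host", set()
    port = DEFAULT_PORTS[parts.scheme] if port is None else port
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", set()
    try:
        ips = {str(ipaddress.ip_address(parts.hostname))}  # IP literal in URL
    except ValueError:
        try:
            ips = set(resolver(parts.hostname))
        except (OSError, KeyError):
            return False, "host does not resolve", set()
    if not ips or any(is_internal(ip) for ip in ips):  # one bad record is enough
        return False, "resolves to an internal address", set()
    return True, "ok", ips
```

Because the SSRF is blind, nothing in the response reveals a bad destination, so the check has to run before the request is sent; connecting to one of the returned vetted addresses rather than resolving the name a second time keeps the fetch on the address that was checked.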
Remediation
References