Description
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2017-10148 Vulnerability (CVE-2017-10148)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16335)
WordPress Plugin Recipes Writer Cross-Site Scripting (1.0.4)
WordPress Plugin Scroll To Top Cross-Site Scripting (1.4.0)
WordPress Plugin Advanced Order Export For WooCommerce CSV Injection (1.5.4)