Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.9, 2.8.x prior to 2.8.7, and 2.9.x prior to 2.9.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.
Vulnerable Product |
---|
moodle moodle 2.7.1 |
moodle moodle 2.6.10 |
moodle moodle 2.8.3 |
moodle moodle 2.7.6 |
moodle moodle 2.7.2 |
moodle moodle 2.6.7 |
moodle moodle 2.7.4 |
moodle moodle 2.6.1 |
moodle moodle 2.8.4 |
moodle moodle 2.8.6 |
moodle moodle 2.6.5 |
moodle moodle 2.7.5 |
moodle moodle 2.7.3 |
moodle moodle 2.6.2 |
moodle moodle 2.7.0 |
moodle moodle 2.6.8 |
moodle moodle 2.8.1 |
moodle moodle 2.6.4 |
moodle moodle 2.6.9 |
moodle moodle 2.8.5 |
moodle moodle 2.6.3 |
moodle moodle 2.7.8 |
moodle moodle 2.6.6 |
moodle moodle 2.8.2 |
moodle moodle 2.7.7 |
moodle moodle 2.6.0 |
moodle moodle 2.8.0 |
moodle moodle 2.9.0 |