Published: 22/02/2016 Updated: 01/12/2020

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.4 | Impact Score: 4 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.9, 2.8.x prior to 2.8.7, and 2.9.x prior to 2.9.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moodle moodle 2.8.4
moodle moodle 2.8.3
moodle moodle 2.7.5
moodle moodle 2.7.4
moodle moodle 2.6.7
moodle moodle 2.6.6
moodle moodle 2.9.0
moodle moodle 2.8.0
moodle moodle 2.7.8
moodle moodle 2.7.1
moodle moodle 2.7.0
moodle moodle 2.6.2
moodle moodle 2.6.10
moodle moodle 2.8.6
moodle moodle 2.8.5
moodle moodle 2.7.7
moodle moodle 2.7.6
moodle moodle 2.6.9
moodle moodle 2.6.8
moodle moodle 2.6.1
moodle moodle 2.6.0
moodle moodle 2.8.2
moodle moodle 2.8.1
moodle moodle 2.7.3
moodle moodle 2.7.2
moodle moodle 2.6.5
moodle moodle 2.6.4
moodle moodle 2.6.3

NVD-CWE-Other https://moodle.org/mod/forum/discuss.php?d=316662 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688 http://openwall.com/lists/oss-security/2015/07/13/2 http://www.securitytracker.com/id/1032877 https://nvd.nist.gov

CVE-2015-3272

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect