CVSSv3: 6.5

CVE-2018-1042

Published: 22/01/2018 Updated: 27/07/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Moodle 3.x has Server Side Request Forgery in the filepicker.

Vulnerable Product

moodle moodle 3.2.2

moodle moodle 3.2.4

moodle moodle 3.4.0

moodle moodle 3.2.6

moodle moodle 3.3.0

moodle moodle 3.3.1

moodle moodle 3.3.2

moodle moodle

moodle moodle 3.2.0

moodle moodle 3.2.1

moodle moodle 3.2.3

moodle moodle 3.2.5

moodle moodle 3.3.3

Exploits

# Exploit Title: Server Side Request Forgery in Moodle Filepicker
# Google Dork: /
# Date: 2019-07-25
# Exploit Author: Fabian Mosch & Nick Theisinger (r-tec IT Security GmbH)
# Vendor Homepage: moodle.org/
# Software Link: github.com/moodle/moodle
# Version: Moodle Versions 3.4, 3.3, 3.3.3, 3.2 to 3.2.6, 3.1 to 3.1.9 and 3.5.2 ...

Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability ...

Github Repositories

Moodle CVE-2018-1042: Script to exploit CVE-2018-1042 in order to do internal port scans.