Unrestricted External URL Redirect in Moodle Cohort Upload Form

Unrestricted External URL Redirect in Moodle Cohort Upload Form

CVE-2019-10133 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.

Learn more about our Internal Network Penetration Testing.