Exploit for #VU37616 Server-Side Request Forgery (SSRF) in Moodle

Exploit for #VU37616 Server-Side Request Forgery (SSRF) in Moodle

Published: 2021-06-17 | Updated: 2022-07-30

Vulnerability identifier: #VU37616

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1042

CWE-ID: CWE-918

Exploitation vector: Network

Exploits in database: 2

July 30, 2022
- Moodle-CVE-2018-1042 (Script to exploit CVE-2018-1042 in order to do internal port scans.) [Github]
June 17, 2021
- Moodle Filepicker 3.5.2 - Server Side Request Forgery [Exploit-DB]

Impact: Information disclosure

Vulnerable software:
Moodle
Web applications / Other software

Vendor: moodle.org