ID:5585 - Exploit for Security restrictions bypass in Moodle - CVE-2019-3810

 

Published: June 17, 2021


Vulnerability identifier: #VU17355
Vulnerability risk: Low
CVE-ID: CVE-2019-3810
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
Moodle

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists because the /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. A remote attacker can bypass security restrictions to conduct further attacks.


Remediation

The vulnerability has been addressed in versions 3.1.16, 3.4.7, 3.5.4 and 3.6.2.