CVE-2024-25979: Improper Handling of Parameters in Moodle

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 62.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 19

Description

The URL parameters accepted by forum search were not limited to the allowed parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD | moodle/moodle | 4.1.0 | 4.1.9 | +2
Packagist | moodle/moodle | 4.3.0 | 4.3.3 | +2

Also affects: Fedora 38

Vulnerability Details (4)

CVEList: MSA-24-0002: Forum search accepted random parameters in its URL (2024-02-19)
OSV: Improper Handling of Parameters in moodle (2024-02-19)
GHSA: Improper Handling of Parameters in moodle (2024-02-19)
OSV: CVE-2024-25979: The URL parameters accepted by forum search were not limited to the allowed parameters (2024-02-19)
CVE-2024-25979 — Improper Handling of Parameters | cvebase