CVE-2012-6101

Moodle 2.2.x < 2.2.7, 2.3.x < 2.3.4, 2.4.x < 2.4.1 - Open Redirect via Multiple Endpoints

Title source: llm

Description

Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.

References (3)

Core References
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=220162
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2013/01/21/1

Scores

EPSS 0.0025
EPSS Percentile 48.6%

Details

CWE
CWE-20
Status published
Products (12)
moodle/moodle 2.2.0
moodle/moodle 2.2.1
moodle/moodle 2.2.2
moodle/moodle 2.2.3
moodle/moodle 2.2.4
moodle/moodle 2.2.5
moodle/moodle 2.2.6
moodle/moodle 2.3.0
moodle/moodle 2.3.1
moodle/moodle 2.3.2
... and 2 more
Published Jan 27, 2013
Tracked Since Feb 18, 2026