CVE-2019-14830

MEDIUM

Moodle 3.5.0-3.5.7 - Open Redirect via Mobile Launch Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14830. PoCs published by Fr3d-.

AI-analyzed exploit summary: This PoC exploits an open redirect vulnerability in Moodle's mobile app launch endpoint to steal user tokens via a crafted URL. The Flask app redirects victims to a malicious endpoint, captures the token from the callback, and uses it to fetch user info.

Description

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app").

Exploits (1)

nomisec · Working PoC · 1 star
by Fr3d- · poc
https://github.com/Fr3d-/moodle-token-stealer


Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Moodle (versions affected by CVE-2019-14830)
Authentication: none needed
Prerequisites: Victim must click a malicious link · Moodle instance must be vulnerable to CVE-2019-14830
Analyzed by devstral-2 on Feb 18, 2026

References (2)


Scores

CVSS v3: 6.1
EPSS: 0.0235
EPSS Percentile: 85.1%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-601 (URL Redirection to Untrusted Site, "Open Redirect")
Status: published
Products (1): moodle/moodle 3.5.0 - 3.5.7
Published: Mar 19, 2021
Tracked Since: Feb 18, 2026