CVE-2019-14831

MEDIUM

Moodle 3.5.0-3.5.7 - Open Redirect via Forced Subscription Forum Link

Title source: llm

Description

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://moodle.org/mod/forum/discuss.php?d=391037

Patch x_refsource_misc

https://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=32e2e06a8737afb07ee83abb3eacd39f8b181216

Scores

CVSS v3 6.1

EPSS 0.0019

EPSS Percentile 40.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (1)

moodle/moodle 3.5.0 - 3.5.7

Published Mar 19, 2021

Tracked Since Feb 18, 2026