nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
WEB_APPLICATION_SCANNING_113620
History: Feb 20, 2023 - 12:00 a.m.

Moodle 3.10.x < 3.10.5 Multiple Vulnerabilities

www.tenable.com
moodle, vulnerabilities, sql injection, rce, dos, ssrf, idor, xss, security, phishing
cve-2021-36392, cve-2021-36393, cve-2021-36394, cve-2021-36395, cve-2021-36396, cve-2021-36397, cve-2021-36398, cve-2021-36399, cve-2021-36400, cve-2021-36401, cve-2021-36402, cve-2021-36403

EPSS: 0.004 (Low)
Percentile: 73.3%

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.8, 3.10.x prior to 3.10.5 or 3.11.x prior to 3.11.1. It is, therefore, affected by multiple vulnerabilities:

  • An SQL injection in the library fetching a user’s enrolled courses. (CVE-2021-36392)

  • An SQL injection in the library fetching a user’s recent courses. (CVE-2021-36393)

  • A Remote Code Execution (RCE) in the Shibboleth authentication plugin, when enabled. (CVE-2021-36394)

  • A recursion Denial of Service (DoS) in the file repository’s URL parsing function. (CVE-2021-36395)

  • A blind Server-Side Request Forgery (SSRF) due to insufficient redirect handling, leading to the bypass of cURL blocked hosts and allowed ports restrictions. (CVE-2021-36396)

  • An Insecure Direct Object Reference (IDOR) vulnerability allowing a user to delete other users’ messages. (CVE-2021-36397)

  • A stored Cross-Site Scripting (XSS) vulnerability in the ID numbers displayed in the web service token list. (CVE-2021-36398)

  • A stored Cross-Site Scripting (XSS) vulnerability in the ID numbers displayed in the quiz override screens. (CVE-2021-36399)

  • An Insecure Direct Object Reference (IDOR) vulnerability allowing a user to remove other users’ calendar URL subscriptions. (CVE-2021-36400)

  • A stored Cross-Site Scripting (XSS) vulnerability in the ID numbers exported in HTML data formats being read locally. (CVE-2021-36401)

  • An improper input validation in user names of account confirmation emails, leading to phishing risks. (CVE-2021-36402)

  • An improper input validation when processing email notifications containing HTML, leading to phishing risks. (CVE-2021-36403)

Note that the scanner has not attempted to exploit this issue but has instead relied only on the application’s self-reported version number.

Vendor    Product    Version    CPE
moodle    moodle     *          cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

References