First published: Mon Jun 01 2015(Updated: )
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | <=2.5.9 | |
Moodle Moodle | =2.5.0 | |
Moodle Moodle | =2.5.1 | |
Moodle Moodle | =2.5.2 | |
Moodle Moodle | =2.5.3 | |
Moodle Moodle | =2.5.4 | |
Moodle Moodle | =2.5.5 | |
Moodle Moodle | =2.5.6 | |
Moodle Moodle | =2.5.7 | |
Moodle Moodle | =2.5.8 | |
Moodle Moodle | =2.6.0 | |
Moodle Moodle | =2.6.1 | |
Moodle Moodle | =2.6.2 | |
Moodle Moodle | =2.6.3 | |
Moodle Moodle | =2.6.4 | |
Moodle Moodle | =2.6.5 | |
Moodle Moodle | =2.6.6 | |
Moodle Moodle | =2.6.7 | |
Moodle Moodle | =2.6.8 | |
Moodle Moodle | =2.6.9 | |
Moodle Moodle | =2.6.10 | |
Moodle Moodle | =2.7.0 | |
Moodle Moodle | =2.7.1 | |
Moodle Moodle | =2.7.2 | |
Moodle Moodle | =2.7.3 | |
Moodle Moodle | =2.7.4 | |
Moodle Moodle | =2.7.5 | |
Moodle Moodle | =2.7.6 | |
Moodle Moodle | =2.7.7 | |
Moodle Moodle | =2.8.0 | |
Moodle Moodle | =2.8.1 | |
Moodle Moodle | =2.8.2 | |
Moodle Moodle | =2.8.3 | |
Moodle Moodle | =2.8.4 | |
Moodle Moodle | =2.8.5 | |
composer/moodle/moodle | >=2.8.0<2.8.6 | 2.8.6 |
composer/moodle/moodle | >=2.7.0<2.7.8 | 2.7.8 |
composer/moodle/moodle | >=2.6.0<2.6.11 | 2.6.11 |
composer/moodle/moodle | <=2.5.9 | |
<=2.5.9 | ||
=2.5.0 | ||
=2.5.1 | ||
=2.5.2 | ||
=2.5.3 | ||
=2.5.4 | ||
=2.5.5 | ||
=2.5.6 | ||
=2.5.7 | ||
=2.5.8 | ||
=2.6.0 | ||
=2.6.1 | ||
=2.6.2 | ||
=2.6.3 | ||
=2.6.4 | ||
=2.6.5 | ||
=2.6.6 | ||
=2.6.7 | ||
=2.6.8 | ||
=2.6.9 | ||
=2.6.10 | ||
=2.7.0 | ||
=2.7.1 | ||
=2.7.2 | ||
=2.7.3 | ||
=2.7.4 | ||
=2.7.5 | ||
=2.7.6 | ||
=2.7.7 | ||
=2.8.0 | ||
=2.8.1 | ||
=2.8.2 | ||
=2.8.3 | ||
=2.8.4 | ||
=2.8.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.