← back
CVE-2019-14831

CVE-2019-14831

EPSS 0.8%CWE-601
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Mar 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.
Affected products
n/a · Moodle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=32e2e06a8737afb07ee83abb3eacd39f8b181216https://moodle.org/mod/forum/discuss.php?d=391037