CVE-2015-3175: Moodle Arbitrary Redirect
(updated )
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.
References
- git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179
- openwall.com/lists/oss-security/2015/05/18/1
- github.com/advisories/GHSA-h798-h7ff-93xv
- github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a
- github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8
- moodle.org/mod/forum/discuss.php?d=313682
- nvd.nist.gov/vuln/detail/CVE-2015-3175
- web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358
- web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720
Detect and mitigate CVE-2015-3175 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →