Hi Team,
we are facing some issue Moodle Security Vulnerabilities in core files. I am sharing below details
VA Category | URL | |
HTML Injection | url/lib/editor/atto/autosave-ajax.php | HTML tags are executed. |
Iframe Injection | url/lib/editor/atto/autosave-ajax.php | iframe tags are executed and sites can be loaded inside them. |
Link Injection | url/lib/editor/atto/autosave-ajax.php | Link tags can be used for redirecting the application to the intended malicious site. |
Cross-Site Scripting (XSS) | url/lib/editor/atto/autosave-ajax.php | Cookies can be obtained by injected payloads and redirection to the injected site is also possible. |
Insecure Direct Object References | url/course/view.php?id=1 | The currently logged in user can see the details of other users too. |
Malicious File Upload | url/repository/repository_ajax.php?action=upload | Any type of files can be uploaded directly without any restriction. |
Privilege Escalation | url | The user can see the details of the upcoming course. |
Server-Side Request Forgery (SSRF) / Cross-Site Port Attack (XSPA) | url/repository/repository_ajax.php?action=signin | Internal port scanning can be done and also the application interacts actively with the external domains/sites. |
Possible Sensitive Directories/Files Detected | url/lib/ajax/service-nologin.php/backup.zip | |
Database Error Message | url/contentbank/view.php?id=-1%20order%20by%201--+ | Tables names are being revealed in the error message by changing the IDs passing in the URL. |
Please help to resolve the issue.
Thanks,
Amit Kumar