The vulnerability stems from the redirect() function in lib/weblib.php, which passed user-supplied URLs through to the HTTP response without neutralizing CRLF sequences. The GitHub patch shows that the sanitization steps added to redirect() are the critical ones: control character removal, quote encoding, and HTML entity cleanup via clean_text(). The advisory explicitly names header('Location: '.$url) as the injection point, and the CWE-93/CWE-113 mapping confirms a classic CRLF (HTTP response header) injection. Because the function sits in the HTTP redirection path, its role matches the attack vector described in the vulnerability description.
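The following PHP is an added illustration of the defensive step the advisory describes, not Moodle's code and not the contents of the GitHub patch: the helper names (`contains_control_chars`, `neutralise_redirect_url`, `safe_redirect`), the regular expression, and the sample inputs are assumptions made here to show how a redirect target is checked and stripped of control characters before it reaches `header('Location: ...')`.

```php
<?php
// Added example, not Moodle's code. Demonstrates the "control character
// removal" step the advisory describes, applied to a redirect target before
// it is placed in a Location header.

// Returns true if $url contains any ASCII control character (0x00-0x1F or
// 0x7F). CR (0x0D) and LF (0x0A) are the ones that matter for header
// injection: they are what terminates the Location line and lets the
// remainder of the value be parsed as further headers or a response body.
function contains_control_chars(string $url): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $url) === 1;
}

// Hypothetical neutralisation helper (stands in for the control-character
// removal the patch added to redirect(); it is not clean_text()).
function neutralise_redirect_url(string $url): string
{
    return preg_replace('/[\x00-\x1F\x7F]/', '', $url);
}

// Hypothetical hardened redirect. The original defect was emitting
// header('Location: ' . $url) with $url untouched; here the value is logged
// when it looks tampered with and is stripped before the header is built.
function safe_redirect(string $url): void
{
    if (contains_control_chars($url)) {
        error_log('redirect: control characters removed from target URL');
    }
    header('Location: ' . neutralise_redirect_url($url));
    exit;
}

// Constructed sample inputs for a command-line self-check (not captured
// traffic). The second one folds a CRLF into the URL value.
$samples = [
    'https://example.test/course/view.php?id=42',
    "https://example.test/\r\nX-Injected: 1",
];
foreach ($samples as $sample) {
    printf(
        "%-45s control chars: %-3s cleaned: %s\n",
        addcslashes($sample, "\r\n"),
        contains_control_chars($sample) ? 'yes' : 'no',
        neutralise_redirect_url($sample)
    );
}
```

Run it with `php example.php` to see the first URL pass unchanged and the second lose its CR/LF. Current PHP releases also refuse a `header()` value that contains a newline, so application-level stripping is defense in depth; it additionally covers the other control characters and the quoting cases the patch addressed, which `header()` does not reject.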
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 1.9.15 | 1.9.15 |
| moodle/moodle | composer | >= 2.0, < 2.0.6 | 2.0.6 |
| moodle/moodle | composer | >= 2.1, < 2.1.3 | 2.1.3 |