Miggo Logo
Miggo Vulnerability Database
CVE-2016-2190

CVE-2016-2190: Moodle sensitive information disclosure

5.3

CVSS Score
3.0

Basic Information

CVE ID
CVE-2016-2190
GHSA ID
GHSA-r9pc-g29w-f86j
EPSS Score
0.63371%
CWE
-
Published
5/13/2022
Updated
1/26/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer<= 2.6.11
moodle/moodlecomposer>= 2.7.0, < 2.7.132.7.13
moodle/moodlecomposer>= 2.8.0, < 2.8.112.8.11
moodle/moodlecomposer>= 2.9.0, < 2.9.52.9.5
moodle/moodlecomposer>= 3.0.0, < 3.0.33.0.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from missing rel='noreferrer' attributes on links with target='_blank'. The patch added this attribute via two mechanisms: (1) A custom HTMLPurifier module in lib/weblib.php to automatically append the attribute during HTML sanitization, and (2) direct modification to the URL field rendering in mod/data/field/url/field.class.php. In vulnerable versions, the purify_html function lacked the Noreferrer module configuration, and the display_browse_field method omitted the rel attribute. These omissions allowed Referer header leakage, making these functions the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Moo*l* t*rou** *.*.**, *.*.x ***or* *.*.**, *.*.x ***or* *.*.**, *.*.x ***or* *.*.*, *n* *.*.x ***or* *.*.* *o*s not prop*rly r*stri*t links, w*i** *llows r*mot* *tt**k*rs to o*t*in s*nsitiv* URL in*orm*tion *y r***in* * R***r*r lo*.

Reasoning

T** vuln*r**ility st*ms *rom missin* r*l='nor***rr*r' *ttri*ut*s on links wit* t*r**t='_*l*nk'. T** p*t** ***** t*is *ttri*ut* vi* two m****nisms: (*) * *ustom *TMLPuri*i*r mo*ul* in li*/w**li*.p*p to *utom*ti**lly *pp*n* t** *ttri*ut* *urin* *TML s*