
CVE-2017-7489: Moodle External blog editing takeover

CVSS Score: 6.3 (CVSS v3.0)

Basic Information

EPSS Score: 0.54121%
Published: 5/13/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Package Name    Ecosystem   Vulnerable Versions   First Patched Version
moodle/moodle   composer    >= 3.2, < 3.2.3       3.2.3
moodle/moodle   composer    >= 3.1, < 3.1.6       3.1.6
moodle/moodle   composer    >= 3.0, < 3.0.10      3.0.10
moodle/moodle   composer    >= 2.7, < 2.7.20      2.7.20

Vulnerability Intelligence

Root Cause Analysis

The vulnerability is an improper privilege management flaw (CWE-269) in Moodle's external blog editing. Moodle's security advisory references MDL-58635, which concerns ownership handling for external blogs (RSS feeds registered under a user's blog and stored in the blog_external table). The handler behind the external blog edit page under blog/ (blog/external_blog_edit.php in the Moodle tree) loaded the record selected by the request's id parameter without verifying that it belonged to the current user, and then saved the submitted form data back to that record. Because the only gate was being logged in (hence PR:L in the CVSS vector), any authenticated user who submitted another user's external blog id could rewrite that record and become its owner. The fix is to make ownership part of the lookup (fetch by id and userid, and treat a mismatch as not found) rather than trusting the id parameter on its own.
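The following is an added illustration of the flaw, not Moodle's own code: a minimal external-blog edit handler in its vulnerable and hardened forms, backed by an in-memory SQLite table so it runs stand-alone. The table and column names follow Moodle's blog_external table, but the function names, the PDO store, the user ids and the sample row are assumptions made for this demo; Moodle's actual patch for MDL-58635 is not reproduced here.

```php
<?php
// Added example, not Moodle code. The vulnerable handler looks the record up by
// the request-supplied id alone and writes the current user's id back as the
// owner; the hardened handler makes ownership part of the lookup and never
// rewrites userid. Table/column names mirror Moodle's blog_external table;
// everything else (functions, PDO/SQLite store, ids) is assumed for the demo.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE blog_external (
                   id INTEGER PRIMARY KEY,
                   userid INTEGER NOT NULL,
                   name TEXT NOT NULL,
                   url TEXT NOT NULL,
                   timemodified INTEGER NOT NULL)');
    // Constructed sample row: user 2 (the victim) owns external blog id 1.
    $db->exec("INSERT INTO blog_external (id, userid, name, url, timemodified)
               VALUES (1, 2, 'Victim feed', 'https://victim.example/feed.xml', 0)");
    return $db;
}

function owner_of(PDO $db, int $id): ?int {
    $stmt = $db->prepare('SELECT userid FROM blog_external WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['userid'];
}

// Vulnerable shape: any logged-in user who submits another user's blog id
// passes the existence check, and the save path stamps their own id into userid.
function edit_external_blog_vulnerable(PDO $db, int $currentuser, int $id, string $name, string $url): bool {
    $stmt = $db->prepare('SELECT id FROM blog_external WHERE id = :id');
    $stmt->execute([':id' => $id]);
    if ($stmt->fetch(PDO::FETCH_ASSOC) === false) {
        return false;                       // no such blog
    }
    $upd = $db->prepare('UPDATE blog_external
                            SET userid = :uid, name = :name, url = :url, timemodified = :t
                          WHERE id = :id');
    return $upd->execute([':uid' => $currentuser, ':name' => $name, ':url' => $url,
                          ':t' => time(), ':id' => $id]);
}

// Hardened shape: the lookup requires id AND userid, so a record that is not the
// caller's is simply "not found", and the UPDATE never touches userid, so this
// path cannot change ownership even if some later check were bypassed.
function edit_external_blog_fixed(PDO $db, int $currentuser, int $id, string $name, string $url): bool {
    $stmt = $db->prepare('SELECT id FROM blog_external WHERE id = :id AND userid = :uid');
    $stmt->execute([':id' => $id, ':uid' => $currentuser]);
    if ($stmt->fetch(PDO::FETCH_ASSOC) === false) {
        return false;                       // not the caller's blog: refuse the edit
    }
    $upd = $db->prepare('UPDATE blog_external
                            SET name = :name, url = :url, timemodified = :t
                          WHERE id = :id AND userid = :uid');
    return $upd->execute([':name' => $name, ':url' => $url, ':t' => time(),
                          ':id' => $id, ':uid' => $currentuser]);
}

// Attacker (user 3) submits the victim's blog id together with new link data.
$attacker   = 3;
$victimblog = 1;

$db = make_db();
$ok = edit_external_blog_vulnerable($db, $attacker, $victimblog, 'Hijacked', 'https://attacker.example/feed.xml');
printf("vulnerable: edit accepted=%s, owner of blog %d is now user %d\n",
       var_export($ok, true), $victimblog, owner_of($db, $victimblog));

$db = make_db();
$ok = edit_external_blog_fixed($db, $attacker, $victimblog, 'Hijacked', 'https://attacker.example/feed.xml');
printf("fixed: edit accepted=%s, owner of blog %d is still user %d\n",
       var_export($ok, true), $victimblog, owner_of($db, $victimblog));
```

Run with php (pdo_sqlite is required). The vulnerable run reports the edit as accepted and the owner changed to user 3; the hardened run reports the edit refused and the owner unchanged at user 2. In Moodle's own data API the equivalent hardening is passing array('id' => $id, 'userid' => $USER->id) as the conditions to $DB->get_record('blog_external', ...) instead of array('id' => $id), so that an id belonging to someone else fails the lookup before any form data is saved.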


WAF Protection Rules

WAF Rule

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
