Miggo Logo
Miggo Vulnerability Database
CVE-2019-3809

CVE-2019-3809: Moodle Blind SSRF Risk in /badges/mybackpack.php

10

CVSS Score
3.0

Basic Information

CVE ID
CVE-2019-3809
GHSA ID
GHSA-jp4g-r8c9-3534
EPSS Score
0.50975%
CWE
CWE-918
Published
5/13/2022
Updated
4/23/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer>= 3.1, < 3.1.163.1.16

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper URL validation in the Mozilla Open Badges backpack integration. Key indicators:

  1. The advisory explicitly references /badges/mybackpack.php as the vulnerable endpoint
  2. SSRF occurs through badge URL parameter handling
  3. The patch (MDL-64222) would logically add validation checks before making external requests
  4. Moodle's badge system architecture suggests these functions handle backpack configuration
  5. 'set_config' storage without validation creates persistent SSRF opportunities While exact function names aren't visible in public commits, the file path and vulnerability pattern strongly implicate the URL processing and storage mechanisms in mybackpack.php.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in Moo*l* v*rsions *.* to *.*.** *n* **rli*r unsupport** v*rsions. T** my***kp**k *un*tion*lity *llow** s*ttin* t** URL o* *****s, w**n it s*oul* ** r*stri*t** to t** Mozill* Op*n *****s ***kp**k URL. T*is r*sult** in t** possi*ility

Reasoning

T** vuln*r**ility st*ms *rom improp*r URL v*li**tion in t** Mozill* Op*n *****s ***kp**k int**r*tion. K*y in*i**tors: *. T** **visory *xpli*itly r***r*n**s /*****s/my***kp**k.p*p *s t** vuln*r**l* *n*point *. SSR* o**urs t*rou** ***** URL p*r*m*t*r *