5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-25979

CVE-2024-25979: Improper Handling of Parameters in moodle

The URL parameters accepted by forum search were not limited to the allowed parameters.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-25979

CVE-2024-25979:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
moodle/moodle	composer	>= 4.3.0, < 4.3.3	4.3.3
moodle/moodle	composer	>= 4.2.0, < 4.2.6	4.2.6
moodle/moodle	composer	< 4.1.9	4.1.9

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from using $FULLME in set_url() which accepts all URL parameters. The commit 6eaeeda explicitly shows the replacement with a controlled parameter list, indicating the previous implementation lacked parameter validation/limiting. The file mod/forum/search.php was modified to implement this restriction, making the unpatched set_url($FULLME) call the vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-25979: Improper Handling of Parameters in moodle

CVE-2024-25979:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

CVE-2024-25979: Improper Handling of Parameters in moodle

Technical Details

5.3

5.3

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-25979: Improper Handling of Parameters in moodle

CVE-2024-25979:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2024-25979: Improper Handling of Parameters in moodle

Technical Details

5.3

5.3

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI