Improper Handling of Parameters

CVE-2024-25979

Medium

5.3/10

Summary

The "URL" parameters accepted by forum search were not limited to the allowed parameters. This issue affects moodle/moodle versions prior to 4.1.9, 4.2.x prior to 4.2.6, and 4.3.x prior to 4.3.3.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-233 - Improper Handling of Parameters

The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Feb 19, 2024

Improper Handling of Parameters

CVE-2024-25979

Summary

CWE-233 - Improper Handling of Parameters

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS