CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-1043
https://notcve.org/view.php?id=CVE-2018-1043
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. En Moodle 3.x, la configuración para la lista de hosts bloqueados puede omitirse con múltiples nombres de host de registro A. • http://www.securityfocus.com/bid/102769 https://moodle.org/mod/forum/discuss.php?d=364382 •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 2CVE-2018-1042 – Moodle Filepicker 3.5.2 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle, en versiones 3.x, tiene Server Side Request Forgery en el filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/47177 https://github.com/UDPsycho/Moodle-CVE-2018-1042 http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html http://www.securityfocus.com/bid/102752 https://moodle.org/mod/forum/discuss.php?d=364381 • CWE-918: Server-Side Request Forgery (SSRF) •