CNNVD-202510-2735 Information

CNNVD ID

CNNVD-202510-2735

Related CVE

CVE-2025-60511

• CNNVD Published: 2025-10-21

Description (Chinese)

Moodle OpenAI Chat Block plugin是Moodle开源的一个大模型聊天插件。 Moodle OpenAI Chat Block plugin 3.0.1版本存在安全漏洞，该漏洞源于对blockId参数验证不足，可能导致不安全的直接对象引用攻击。

Description (English)

Moodle Openai Chat Block Plugin is a big model chat plugin for Moodle Open Source. There is a security loophole in version 3.01 of Moodle OpenAi Chat Block Plugin, which stems from inadequate validation of blockId parameters, which may lead to unsafe direct object reference attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Moodle

Published

2025-10-21

Last Modified

2026-02-24

References

http://moodle.com http://openai.com https://github.com/onurcangnc/moodle_block_openai_chat https://onurcangenc.com.tr/posts/idor-in-moodle-openai-chat-block-block_openai_chat-proof-of-concept-poc–cve-2025-60511/ https://access.redhat.com/security/cve/cve-2025-60511