CNNVD-202602-461 Information

CNNVD ID

CNNVD-202602-461

Related CVE

CVE-2025-67852

• CNNVD Published: 2026-02-03

Description (Chinese)

Moodle是Moodle开源的一套免费的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle存在安全漏洞，该漏洞源于OAuth登录流程中重定向参数验证不足，可能导致开放重定向攻击，从而引发钓鱼攻击或信息泄露。

Description (English)

Moodle is an open-source, free-of-charge e-learning platform known as the curriculum management system, the learning management system or the virtual learning environment. Modle has a security loophole, which stems from inadequate verification of re-direction parameters in the OAuth log-in process, which could lead to open-ended re-direction attacks, which could trigger fishing attacks or information leaks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Moodle

Published

2026-02-03

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-67852 https://bugzilla.redhat.com/show_bug.cgi?id=2423844