vulnerability

Moodle: URL Redirection to Untrusted Site (CVE-2019-14831)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Mar 19, 2021

Added

Mar 30, 2021

Modified

May 7, 2026

Description

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.

Solution

moodle-upgrade-latest

References

CVE-2019-14831
https://attackerkb.com/topics/CVE-2019-14831
https://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=32e2e06a8737afb07ee83abb3eacd39f8b181216
https://moodle.org/mod/forum/discuss.php?d=391037
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-5958
CWE-601
EUVD-EUVD-2019-5958

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report