cve/2019/CVE-2019-14882.md

### [CVE-2019-14882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14882)
![](https://img.shields.io/static/v1?label=Product&message=moodle&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.5.9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.6.7%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.7.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601&color=brightgreen)

### Description

A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.

### POC

#### Reference
- https://moodle.org/mod/forum/discuss.php?d=393585#p1586747

#### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/jev770/badmoodle-scan