Vulnerability Database

314,372

Total vulnerabilities in the database

CVE-2019-3809

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.

Published: Mar 25, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-3809
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-918
CWE-352

Affected Software
References

Software	From	Fixed in
moodle / moodle	3.1.0	3.1.15.x

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809
https://moodle.org/mod/forum/discuss.php?d=381229#p1536766

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo