Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ecj2-c6rx-57a1
Summary
Moodle SSRF Vulnerability
The `edit_blog.php` script allows a registered user to add external RSS feed resources. This feature can be abused as an SSRF attack vector: by adding a malicious URL/TCP port, a user can target the internal network or an internet-hosted server, bypassing firewall rules, IP filtering and more.

This kind of vulnerability is called “blind” because no response is available on the Moodle web site, which forces an attacker to exploit it using a “time-based” approach.
Aliases
0
alias CVE-2019-6970
1
alias GHSA-vjxx-54vw-q59f
Fixed_packages
0
url pkg:composer/moodle/moodle@3.5.4
purl pkg:composer/moodle/moodle@3.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4
Affected_packages
0
url pkg:composer/moodle/moodle@3.5.0
purl pkg:composer/moodle/moodle@3.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17vy-726y-u7fz
1
vulnerability VCID-1wmh-jwh7-2fcw
2
vulnerability VCID-2avg-qvn9-bkdn
3
vulnerability VCID-2et6-3ejg-27b8
4
vulnerability VCID-8xgp-3nds-d7dm
5
vulnerability VCID-a8sa-7ed7-wbby
6
vulnerability VCID-ajnx-w4at-7fgp
7
vulnerability VCID-d17g-sacy-nkfw
8
vulnerability VCID-dhu5-3tda-2qfx
9
vulnerability VCID-eb8w-rqef-sqca
10
vulnerability VCID-ecj2-c6rx-57a1
11
vulnerability VCID-ehpf-6ra7-syfy
12
vulnerability VCID-gtpy-dhmm-mufn
13
vulnerability VCID-hurp-xp2w-wbcp
14
vulnerability VCID-nbpz-vdd1-w3ae
15
vulnerability VCID-qfmd-5exc-c3f3
16
vulnerability VCID-qnn9-5vhh-nkd8
17
vulnerability VCID-t5d1-h6c9-6kex
18
vulnerability VCID-u843-6ku8-6bh7
19
vulnerability VCID-useh-xm73-zub8
20
vulnerability VCID-vabw-g3da-bqbz
21
vulnerability VCID-wk9h-bhj5-zua8
22
vulnerability VCID-x2e5-m5rs-7qfr
23
vulnerability VCID-xktx-amv6-gbh2
24
vulnerability VCID-yq9c-xav3-e3bv
25
vulnerability VCID-zn3y-sq7h-83h9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6970
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.39943
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6970
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
url https://github.com/moodle/moodle
2
reference_url https://www.excellium-services.com/cert-xlm-advisory
reference_id
reference_type
scores
url https://www.excellium-services.com/cert-xlm-advisory
3
reference_url https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-6970
reference_id CVE-2019-6970
reference_type
scores
url https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-6970
4
reference_url https://excellium-services.com/cert-xlm-advisory/cve-2019-6970
reference_id CVE-2019-6970
reference_type
scores
url https://excellium-services.com/cert-xlm-advisory/cve-2019-6970
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6970
reference_id CVE-2019-6970
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-6970
6
reference_url https://www.excellium-services.com/cert-xlm-advisory/cve-2019-6970
reference_id CVE-2019-6970
reference_type
scores
url https://www.excellium-services.com/cert-xlm-advisory/cve-2019-6970
7
reference_url https://github.com/advisories/GHSA-vjxx-54vw-q59f
reference_id GHSA-vjxx-54vw-q59f
reference_type
scores
url https://github.com/advisories/GHSA-vjxx-54vw-q59f
Weaknesses
0
cwe_id 918
name Server-Side Request Forgery (SSRF)
description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecj2-c6rx-57a1