In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
{ "severity": "High", "cpes": [ "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*" ] }