Platform
php
Component
moodle
Fixed in
3.7.1
CVE-2019-10133 describes a redirect vulnerability discovered in Moodle prior to versions 3.7, 3.6.4, 3.5.6, 3.4.9, and 3.1.18. This flaw stems from a lack of proper URL restriction within the cohort upload form, enabling attackers to redirect users to arbitrary external websites. The vulnerability has been rated as LOW severity. Affected users should upgrade to Moodle version 3.7 or later to mitigate the risk.
An attacker could exploit this vulnerability by crafting a malicious cohort upload form that contains a redirect URL pointing to a phishing site or a site hosting malware. When a user attempts to upload the cohort, they would be redirected to the attacker-controlled site without their knowledge. This could lead to credential theft, malware infection, or other malicious activities. The impact is primarily related to user redirection and potential social engineering attacks, rather than direct system compromise. While the CVSS score is LOW, the potential for phishing and user deception should not be underestimated, especially in environments where users are not security-aware.
CVE-2019-10133 was publicly disclosed on June 26, 2019. There is no indication of active exploitation campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog. Public proof-of-concept exploits are available, demonstrating the feasibility of the attack.
Exploit Status
EPSS
0.17% (38th percentile)
CVSS Vector
The primary mitigation for CVE-2019-10133 is to upgrade Moodle to version 3.7 or later, which includes the necessary fix. If upgrading immediately is not feasible, consider implementing a Web Application Firewall (WAF) rule to block redirects to external domains from the cohort upload form. Additionally, educate users about the risks of clicking on unexpected links and verifying the legitimacy of websites before entering credentials. Regularly review Moodle configuration settings to ensure that URL restrictions are properly enforced.
Update Moodle to version 3.7 or higher, or to versions 3.6.4, 3.5.6, 3.4.9, or 3.1.18, which contain the fix for this vulnerability. This will prevent users from being redirected to unwanted external URLs through the cohort upload form.
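The root cause is a redirect target taken from the request without checking that it stays on the site. The check below is an added illustrative example, not Moodle's own code or its actual fix: it shows the unrestricted pattern beside a hardened one that only accepts same-site targets. The site root ($wwwroot) and the fallback landing page are constructed assumptions.

```php
<?php
// Added example (not Moodle code). Validate a user-supplied "return to" URL
// before redirecting, accepting only targets on this site.
// $wwwroot stands in for the configured site base URL (a constructed value).
$wwwroot = 'https://moodle.example.edu';

function is_local_redirect(string $url, string $wwwroot): bool {
    $url = trim($url);
    if ($url === '') {
        return false;
    }
    // Control characters and backslashes are parsed inconsistently by browsers; reject them.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $url)) {
        return false;
    }
    // Absolute URL (has a scheme): scheme, host and port must match the site root.
    // This also rejects "javascript:" style targets, which have no host.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $url)) {
        $root = parse_url($wwwroot);
        $u = parse_url($url);
        if ($u === false || empty($u['host'])) {
            return false;
        }
        return strcasecmp($u['scheme'] ?? '', $root['scheme']) === 0
            && strcasecmp($u['host'], $root['host']) === 0
            && ($u['port'] ?? null) === ($root['port'] ?? null);
    }
    // No scheme: accept only a site-absolute path. A protocol-relative form
    // ("//evil.example/...") is an external redirect in disguise and is rejected.
    return $url[0] === '/' && !(isset($url[1]) && $url[1] === '/');
}

// Unrestricted pattern: the request parameter becomes the Location target as-is.
function redirect_unrestricted(string $returnurl): string {
    return $returnurl;
}

// Hardened pattern: non-local targets fall back to a fixed, known page
// (the fallback path here is an assumed placeholder, not a real Moodle URL).
function redirect_restricted(string $returnurl, string $wwwroot): string {
    return is_local_redirect($returnurl, $wwwroot) ? $returnurl : $wwwroot . '/index.php';
}

// Constructed sample inputs: local path, same-site absolute URL, external host,
// protocol-relative host, userinfo trick, and a non-http scheme.
$samples = ['/cohort/index.php?id=1', 'https://moodle.example.edu/cohort/index.php',
            'https://evil.example/login', '//evil.example/x',
            'https://moodle.example.edu@evil.example/', 'javascript:alert(1)'];
foreach ($samples as $candidate) {
    printf("%-45s -> %s\n", $candidate, redirect_restricted($candidate, $wwwroot));
}
```

Only the first two samples are passed through unchanged; the rest are replaced by the fallback page, which is the behaviour a WAF rule blocking external redirects from the form would approximate until the upgrade is applied.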
CVE-2019-10133 is a LOW severity vulnerability in Moodle versions prior to 3.7, 3.6.4, 3.5.6, 3.4.9, and 3.1.18. It allows attackers to redirect users via an unrestricted URL in the cohort upload form.
You are affected if you are running a Moodle release earlier than 3.7, 3.6.4, 3.5.6, 3.4.9, or 3.1.18, that is, an unpatched release of the 3.7, 3.6, 3.5, 3.4, or 3.1 series.
Upgrade Moodle to version 3.7 or later to resolve the vulnerability. Consider a WAF rule to block external redirects as a temporary mitigation.
There is no confirmed evidence of active exploitation campaigns targeting CVE-2019-10133 at this time.
Refer to the official Moodle security advisory at https://security.moodle.org/mod/showcontent/content/440.