CVE-2021-36396 - AskarLabs CVE Database

CVE-2021-36396

Vendor N/A

Product Moodle

Weakness CWE-918 · SSRF

Published March 6, 2023

Last update March 5, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

Key dates

02Disclosure timeline

March 6, 2023 CVE published

March 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-36396 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2025-57943 WordPress Skimlinks Affiliate Marketing Tool plugin <= 1.3.1 - Server Side Request Forgery (SSRF) vulnerability CVE-2026-2479 Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload CVE-2023-22493 RSSHub is vulnerable to SSRF (Server-Side Request Forgery) CVE-2024-12867 Server-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to exfiltrate and modify configurations and data CVE-2025-7843 Auto Save Remote Images (Drafts) <= 1.0.9 - Authenticated (Contributor+) Server-Side Request Forgery