Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Moodle OpenAI Chat Block plugin 安全漏洞
Vulnerability Description
Moodle OpenAI Chat Block plugin是Moodle开源的一个大模型聊天插件。 Moodle OpenAI Chat Block plugin 3.0.1版本存在安全漏洞,该漏洞源于对blockId参数验证不足,可能导致不安全的直接对象引用攻击。
CVSS Information
N/A
Vulnerability Type
N/A