
Cloud Vulnerability DB
A community-led vulnerabilities database
A blind Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-45152) was discovered in Moodle's LTI provider library. It stems from insufficient validation of user-supplied input: the library did not use Moodle's built-in cURL helper. The vulnerability affects Moodle versions 4.0 to 4.0.4, 3.11 to 3.11.10, 3.9 to 3.9.17, and earlier unsupported versions (Moodle Forum).
The vulnerability is classified as Server-Side Request Forgery (CWE-918). It received a CVSS v3.1 base score of 9.1 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed (NVD).
The vulnerability allows remote attackers to perform SSRF attacks by sending specially crafted HTTP requests that can trick the application into initiating requests to arbitrary systems. This could potentially lead to unauthorized access to internal resources and data exposure (NVD).
The vulnerability has been fixed in Moodle versions 4.0.5, 3.11.11, and 3.9.18. Users are strongly advised to upgrade to these patched versions to mitigate the risk (Moodle Forum).
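The affected ranges and fixed releases listed above can be turned into an inventory check. The following is an added example, not code from Moodle or from this database; the function names and sample inventory are constructed, and it assumes that a weekly-build suffix such as "+" is classified by its base point release and that branches older than 4.0 with no fixed release listed count as "earlier unsupported versions".

```python
import re

# Affected ranges and fixed releases exactly as stated in the advisory text.
# branch (major, minor) -> (last affected patch level, first fixed release)
AFFECTED = {
    (4, 0): (4, "4.0.5"),
    (3, 11): (10, "3.11.11"),
    (3, 9): (17, "3.9.18"),
}
NEWEST_LISTED_BRANCH = max(AFFECTED)


def parse_release(release):
    """Parse '3.11.10' or '4.0.4+ (Build: 20221001)' into (major, minor, patch)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised Moodle release string: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def triage(release):
    """Return (status, detail); status is 'affected', 'fixed' or 'not-listed'."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch in AFFECTED:
        last_bad, fixed = AFFECTED[branch]
        if patch <= last_bad:
            return "affected", f"upgrade to {fixed} or later"
        return "fixed", f"at or above {fixed}"
    if branch < NEWEST_LISTED_BRANCH:
        # Assumption: older branches without a listed fix (e.g. 3.10, 3.8)
        # fall under "earlier unsupported versions".
        return "affected", "unsupported branch, move to a supported fixed release"
    # Branches newer than 4.0 are not mentioned in the advisory text.
    return "not-listed", "check the vendor advisory for this branch"


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    inventory = {"lms-a": "4.0.4+ (Build: 20221001)", "lms-b": "3.11.11", "lms-c": "3.10.11"}
    for host, release in inventory.items():
        print(host, release, *triage(release))
```
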
Source: This report was generated using AI