Moodle Cross-Site Request Forgery Vulnerability (CNVD-2022-08151)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. cross-site request forgery vulnerability exists in Moodle 3.11 through 3.11.4, 3.10 through 3.10.8, and 3.9 through 3.9.11, which stems from insufficient HTTP request origin validation in the Remove Tag Alignment feature. An attacker could use the vulnerability to spoof malicious requests to trick victims into clicking to perform sensitive actions.