China National Vulnerability Database (CNVD): CNVD-2022-86383
Nov 25, 2022 - 12:00 a.m.

Moodle Cross-Site Request Forgery Vulnerability

China National Vulnerability Database
www.cnvd.org.cn

EPSS: 0.002 (Low), percentile 59.1%

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site request forgery vulnerability exists in Moodle 3.9.0 and later prior to 3.9.18, 3.11.0 and later prior to 3.11.11, and 4.0.0 and later prior to 4.0.5. The vulnerability arises because, when a user is redirected to a course that the user has just resumed, the user’s CSRF token is included in the URL. An attacker can exploit the vulnerability to trick the target user into visiting a specially crafted web page and performing arbitrary actions.
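
As an added example (not code from CNVD or the Moodle project), the check below reviews captured HTTP responses, for instance from a proxy export or a regression test, and flags any redirect whose `Location` header carries a CSRF token in the query string, redacting the value in the finding. The parameter name `sesskey`, the response record layout, the host and the paths are assumptions; the sample data is constructed.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: Moodle's CSRF token travels in a parameter named "sesskey";
# the page itself does not name the parameter. Add others as needed.
TOKEN_PARAMS = {"sesskey"}

def redact(url, params=TOKEN_PARAMS):
    """Return (url_with_token_values_masked, token_found)."""
    parts = urlsplit(url)
    found = False
    pairs = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in params:
            found = True
            value = "REDACTED"  # never copy a live token into a report
        pairs.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def leaking_redirects(responses, params=TOKEN_PARAMS):
    """Flag 3xx responses whose Location header exposes a CSRF token."""
    findings = []
    for resp in responses:
        location = resp.get("location")
        if 300 <= resp["status"] < 400 and location:
            clean, found = redact(location, params)
            if found:
                findings.append({"request": resp["request"], "location": clean})
    return findings

# Constructed sample records (hypothetical host and paths, fake token).
SAMPLE = [
    {"request": "POST /example/resume-course", "status": 303,
     "location": "https://lms.example.test/example/course?id=42&sesskey=Ab3dE9xYz1"},
    {"request": "POST /example/login", "status": 303,
     "location": "https://lms.example.test/my/"},
    {"request": "GET /example/course?id=42", "status": 200, "location": None},
]

if __name__ == "__main__":
    for finding in leaking_redirects(SAMPLE):
        print(finding)
```

A token that reaches the URL this way also ends up in browser history, proxy and server logs, and `Referer` headers, so the same `redact` helper can be applied to those sources before they are shared.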