Lucene search

GitHub Advisory DatabaseGHSA-4WVG-7886-83GV

HistoryMay 13, 2022 - 1:12 a.m.

Moodle cross-site request forgery (CSRF) vulnerability

2022-05-1301:12:51

CWE-352

GitHub Advisory Database

github.com

7.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.3%

JSON

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.

CPENameOperatorVersion
moodle/moodlelt2.6.2
moodle/moodlelt2.5.5
moodle/moodlelt2.4.9

Name	Operator	Version
moodle/moodle	lt	2.6.2
moodle/moodle	lt	2.5.5
moodle/moodle	lt	2.4.9

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146

openwall.com/lists/oss-security/2014/03/17/1

github.com/advisories/GHSA-4wvg-7886-83gv

github.com/moodle/moodle/commit/41a19bffeef0ee6b0560a5ff808fd4bd35075fa1

github.com/moodle/moodle/commit/caf766507771e07c1752ece1f37a32b2b4f6d8b9

github.com/moodle/moodle/commit/ea8647b39ec9cf1d73e04b05559bd12d97aa5229

github.com/moodle/moodle/commit/eee61675f042a9ec89f8f6d219b4ded010198fe4

moodle.org/mod/forum/discuss.php?d=256423

nvd.nist.gov/vuln/detail/CVE-2014-0126