Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51
docs.moodle.org/en/Moodle_1.8.13_release_notes
docs.moodle.org/en/Moodle_1.9.9_release_notes
lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
moodle.org/mod/forum/discuss.php?d=152369
secunia.com/advisories/40248
secunia.com/advisories/40352
tracker.moodle.org/browse/MDL-21688
www.openwall.com/lists/oss-security/2010/06/21/2
www.vupen.com/english/advisories/2010/1530
www.vupen.com/english/advisories/2010/1571
bugzilla.redhat.com/show_bug.cgi?id=605809
lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html
lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html
lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html