4 matches found
EUVD-2025-19060
Malicious code in bioql PyPI...
Session Fixation
Moodle is vulnerable to Session Fixation. The vulnerability is due to improper session management and unauthenticated access to the sesskey parameter, which can be reused in the OAuth2 login flow, allowing attackers to hijack user sessions...
CVE-2025-53021
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the...
CVE-2025-53021
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the...