6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.1%
Cross-site request forgery (CSRF) vulnerability in
enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before
2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers
to hijack the authentication of administrators for requests that import an
IMS Enterprise file.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
openwall.com/lists/oss-security/2014/03/17/1
launchpad.net/bugs/cve/CVE-2014-0126
moodle.org/mod/forum/discuss.php?d=256423
nvd.nist.gov/vuln/detail/CVE-2014-0126
security-tracker.debian.org/tracker/CVE-2014-0126
www.cve.org/CVERecord?id=CVE-2014-0126