Moodle is vulnerable to token validation bypass. Lack of validation of necessary token in the “delete badge alignment” functionality opens up a CSRF risk.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.11.4 | |
moodle/moodle | le | v3.10.8 | |
moodle/moodle | le | v3.9.11 | |
moodle/moodle | le | v3.11.4 | |
moodle/moodle | le | v3.10.8 | |
moodle/moodle | le | v3.9.11 |