CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 52.5%

Moodle is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible because enrol/imsenterprise/importnow.php does not perform enough session checking during the import of IMS Enterprise identities. This can allow a malicious user to hijack an administrator's authentication during an IMS Enterprise file import.

CPE Name | Operator | Version
---|---|---
moodle/moodle | le | 2.6.1
moodle/moodle | le | 2.4.8
moodle/moodle | le | 2.5.4
moodle/moodle | le | 2.3.11