Moodle is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible because enrol/imsenterprise/importnow.php does not perform sufficient session checking during the import of IMS Enterprise identities. This can allow a malicious user to hijack an administrator's authentication during an IMS Enterprise file import.

Name | Operator | Version |
---|---|---|
moodle/moodle | le | 2.6.1 |
moodle/moodle | le | 2.4.8 |
moodle/moodle | le | 2.5.4 |
moodle/moodle | le | 2.3.11 |
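
The kind of session check whose absence is described above, as an added illustration in PHP. It is not Moodle's code or its patch. The function names, the `is_admin` flag and the `sesskey` field name are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Issue (or reuse) a random per-session token. The server embeds it in the
// forms and links it generates for this session only.
function issue_token(array &$session): string
{
    if (!isset($session['sesskey'])) {
        $session['sesskey'] = bin2hex(random_bytes(16));
    }
    return $session['sesskey'];
}

// Start the import only when the request carries the token bound to this
// session. A forged cross-site request is sent with the administrator's
// cookie, but the forging page cannot read the token, so it fails here.
function handle_import(array $session, array $request, callable $import): string
{
    if (empty($session['is_admin'])) {
        return 'denied: not an administrator';
    }
    $sent = $request['sesskey'] ?? '';
    $expected = $session['sesskey'] ?? '';
    // hash_equals() compares in constant time; reject non-string input first.
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return 'denied: missing or wrong session token';
    }
    $import();
    return 'import started';
}

// Constructed demo: one administrator session and three requests.
$session = ['is_admin' => true];
$token = issue_token($session);
$runs = 0;
$import = function () use (&$runs): void {
    $runs++;
};

// Forged request with no token.
echo handle_import($session, [], $import), PHP_EOL;
// Forged request with a guessed token.
echo handle_import($session, ['sesskey' => 'guess'], $import), PHP_EOL;
// Request submitted from the site's own form, which includes the token.
echo handle_import($session, ['sesskey' => $token], $import), PHP_EOL;
echo "imports run: $runs", PHP_EOL;
```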