Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:4691
HistoryJul 26, 2017 - 5:27 a.m.

Cross-Site Request Forgery(CSRF)

2017-07-2605:27:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6

EPSS

0.023

Percentile

89.8%

Moodle is vulnerable to cross-site request forgery (CSRF) attacks. The attacks exist because it does not properly check session key validity on password-protected lesson modules, allowing the authenticated users to hijack the request sent to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.