Cross-Site Request Forgery (CSRF)

Moodle is vulnerable to cross-site request forgery (CSRF) attacks. The application does not check for a session key in the Glossary module, allowing a malicious user to hijack the authentication of other users through editcategories.html and editcategories.php.