Lucene search

K

Veracode Vulnerability DatabaseVERACODE:4774

HistoryJul 28, 2017 - 4:40 a.m.

Cross-site Request Forgery (CSRF)

2017-07-2804:40:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

EPSS

0.002

Percentile

52.7%

Moodle is vulnerable to cross-site request forgery (CSRF) attacks. The application does not check the session key in mod/lti/request_tool.php and mod/lti/instructor_edit_tool_type.php, allowing a malicious user to hijack authentication of an arbitrary user.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924

openwall.com/lists/oss-security/2014/11/17/11

www.securitytracker.com/id/1031215

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924

moodle.org/mod/forum/discuss.php?d=275162

EPSS

0.002

Percentile

52.7%

Related for VERACODE:4774

github1 prion1 ubuntucve1 osv1 cvelist1 nvd1 cve1 nessus1 openvas1 mageia1