Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x prior to 1.6.7 and 1.7.x prior to 1.7.5 allows remote malicious users to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle |
||
debian debian linux 4.0 |