Published: 23/11/2022 Updated: 07/11/2023
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in the course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows a malicious user to perform cross-site request forgery attacks.

Vulnerable Product

moodle moodle

fedoraproject fedora 35

fedoraproject fedora 36

fedoraproject fedora 37