Описание
Moodle vulnerable to Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-4281
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9cedb80c5d6318aa17cd66912d37e6ef3dca9455
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=9cedb80c5d6318aa17cd66912d37e6ef3dca9455
- http://moodle.org/mod/forum/discuss.php?d=170006
- http://openwall.com/lists/oss-security/2011/11/14/1
Пакеты
moodle/moodle
>= 2.0.0, < 2.0.2
2.0.2
Связанные уязвимости
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2 ...