Описание
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.5.5 |
| cosmic | not-affected | 2.5.5 |
| devel | not-affected | 2.5.5 |
| disco | not-affected | 2.5.5 |
| esm-apps/bionic | not-affected | 2.5.5 |
| esm-apps/xenial | not-affected | 2.5.5 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise ...
EPSS
6.8 Medium
CVSS2