GoogleOSV:GHSA-4WVG-7886-83GVMoodle cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
openwall.com/lists/oss-security/2014/03/17/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/41a19bffeef0ee6b0560a5ff808fd4bd35075fa1
github.com/moodle/moodle/commit/caf766507771e07c1752ece1f37a32b2b4f6d8b9
github.com/moodle/moodle/commit/ea8647b39ec9cf1d73e04b05559bd12d97aa5229
github.com/moodle/moodle/commit/eee61675f042a9ec89f8f6d219b4ded010198fe4
moodle.org/mod/forum/discuss.php?d=256423
nvd.nist.gov/vuln/detail/CVE-2014-0126
Related
