CVE-2010-2231
Moodle < 1.8.13 and 1.9.x < 1.9.9 - Cross-Site Request Forgery via Quiz Attempt Deletion
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
References (15)
Various Sources (x_refsource_confirm): http://docs.moodle.org/en/Moodle_1.8.13_release_notes
Various Sources (x_refsource_confirm): http://docs.moodle.org/en/Moodle_1.9.9_release_notes
Various Sources (x_refsource_confirm): http://moodle.org/mod/forum/discuss.php?d=152369
Various Sources (x_refsource_confirm): http://tracker.moodle.org/browse/MDL-21688
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html
Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2010/1571
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2010/06/21/2
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/40352
Patch, Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2010/1530
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/40248
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Patch (x_refsource_confirm): http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=605809
Scores
EPSS: 0.0054
EPSS Percentile: 67.7%
Details
CWE: CWE-352
Status: published
Products (50)
moodle/moodle 1.1.1
moodle/moodle 1.2.0
moodle/moodle 1.2.1
moodle/moodle 1.3.0
moodle/moodle 1.3.1
moodle/moodle 1.3.2
moodle/moodle 1.3.3
moodle/moodle 1.3.4
moodle/moodle 1.4.1
moodle/moodle 1.4.2
... and 40 more
Published: Jun 28, 2010
Tracked Since: Feb 18, 2026