CVE-2011-4133
Moodle 1.9.0-1.9.10 - Cross-Site Request Forgery via RSS Block Feed Modification
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/11/14/1
Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=170002
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f031d5431c1204197b1482fd6c63bc87a19a476
Scores
EPSS
0.0013
EPSS Percentile
31.3%
Details
CWE
CWE-352
Status
published
Products (11)
moodle/moodle
1.9.1
moodle/moodle
1.9.2
moodle/moodle
1.9.3
moodle/moodle
1.9.4
moodle/moodle
1.9.5
moodle/moodle
1.9.6
moodle/moodle
1.9.7
moodle/moodle
1.9.8
moodle/moodle
1.9.9
moodle/moodle
1.9.10
... and 1 more
Published
Jul 16, 2012
Tracked Since
Feb 18, 2026