Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9cedb80c5d6318aa17cd66912d37e6ef3dca9455
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/11/14/1
Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=170006
Scores
EPSS
0.0013
EPSS Percentile
31.3%
Details
CWE
CWE-352
Status
published
Products (3)
moodle/moodle
2.0.0
moodle/moodle
2.0.1
moodle/moodle
2.0.0 - 2.0.2Packagist
Published
Jul 16, 2012
Tracked Since
Feb 18, 2026