CVE-2017-7491

MEDIUM

Moodle 2.x-3.x - CSRF

Title source: llm

Description

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

References (1)

Scores

CVSS v3 4.3
EPSS 0.0012
EPSS Percentile 31.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (50)
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
... and 40 more
Published May 15, 2017
Tracked Since Feb 18, 2026