Description

Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.

Remediation

References

CVE-2010-2231

Related Vulnerabilities

WordPress Plugin InfiniteWP Client Unspecified Vulnerability (1.3.14)

TYPO3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-19848)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4938)

WordPress Plugin WP Table Builder-WordPress Table Cross-Site Scripting (1.3.9)

Oracle Database Server CVE-2009-1964 Vulnerability (CVE-2009-1964)

Severity

Medium

Classification

CVE-2010-2231 CWE-352

Tags

Missing Update Known Vulnerabilities