Description
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Merge+Minify+Refresh Cross-Site Request Forgery (1.10.6)
Drupal Core 7.x Remote Code Execution (7.0 - 7.73)
MySQL CVE-2015-4866 Vulnerability (CVE-2015-4866)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4584)
MediaWiki Resource Management Errors Vulnerability (CVE-2015-8002)