Description

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.

Remediation

References

CVE-2014-0126

Related Vulnerabilities

CakePHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3712)

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies PHP Object Injection (1.5.7)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2022-1434)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2582)

WordPress Plugin Subscribe2 Unspecified Vulnerability (10.20.5)

Severity

Medium

Classification

CVE-2014-0126 CWE-352

Tags

Missing Update Known Vulnerabilities