Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
Remediation
References
Related Vulnerabilities
Joomla CVE-2012-5827 Vulnerability (CVE-2012-5827)
WordPress Plugin LionScripts:IP Blocker Lite Cross-Site Request Forgery (10.3)
WordPress Plugin Resume Submissions & Job Postings Cross-Site Scripting (2.5.3)
TYPO3 CVE-2024-25121 Vulnerability (CVE-2024-25121)
Python Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4944)