Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
Remediation
References
Related Vulnerabilities
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)
WordPress Plugin Login Logout Menu Cross-Site Scripting (1.3.3)
MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)
Artifactory Incorrect Authorization Vulnerability (CVE-2021-45730)