Description
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Remediation
References