CVE-2011-4133

CVE-2011-4133

EPSS 1.0%

Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f031d5431c1204197b1482fd6c63bc87a19a476 http://moodle.org/mod/forum/discuss.php?d=170002 http://openwall.com/lists/oss-security/2011/11/14/1