N/A

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

N/A

跨站请求伪造(CSRF)

Moodle 跨站请求伪造漏洞

Moodle是一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 4.0 到 4.0.4版本、3.11 到 3.11.10版本、3.9 到 3.9.17版本和之前版本存在安全漏洞，该漏洞源于当用户被重定向到他们刚刚恢复的课程时，用户的 CSRF 令牌包含在 URL 中，攻击者利用该漏洞可以欺骗受害者访问特制网页，并代表受害者在易受攻击的网站上执行任意操作。

N/A

N/A