Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Moodle 跨站请求伪造漏洞
Vulnerability Description
Moodle是一套免费、开源的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 4.0 到 4.0.4版本、3.11 到 3.11.10版本、3.9 到 3.9.17版本和之前版本存在安全漏洞,该漏洞源于当用户被重定向到他们刚刚恢复的课程时,用户的 CSRF 令牌包含在 URL 中,攻击者利用该漏洞可以欺骗受害者访问特制网页,并代表受害者在易受攻击的网站上执行任意操作。
CVSS Information
N/A
Vulnerability Type
N/A