vulnerability

Moodle: Cross-Site Request Forgery (CSRF) (CVE-2019-10186)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Jul 31, 2019	Nov 7, 2019	Nov 27, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Jul 31, 2019

Added

Nov 7, 2019

Modified

Nov 27, 2024

Description

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

Solution(s)

moodle-upgrade-3_5_7moodle-upgrade-3_6_5moodle-upgrade-3_7_1

References

CVE-2019-10186
https://attackerkb.com/topics/CVE-2019-10186
URL-http://www.securityfocus.com/bid/109175
URL-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186
URL-https://moodle.org/mod/forum/discuss.php?d=388567#p1566329

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today