CVE-2011-4133
EPSS 0.13%Moodle vulnerable to Cross-Site Request Forgery
Published: 5/13/2022Modified: 4/12/2025
Also known as:GHSA-7cvw-wrj9-q5fp
Description
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.
Affected packages (2)
- Debian/moodlefrom 0, < 1.9.9.dfsg2-2.1+squeeze1
- Packagist/moodle/moodle>= 1.9.0, < 1.9.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-4133
- PATCHhttps://github.com/moodle/moodle
- WEBhttp://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f031d5431c1204197b1482fd6c63bc87a19a476
- WEBhttp://git.moodle.org/gw?p=moodle.git;a=commit;h=8f031d5431c1204197b1482fd6c63bc87a19a476
- WEBhttp://moodle.org/mod/forum/discuss.php?d=170002
- WEBhttp://openwall.com/lists/oss-security/2011/11/14/1