CVE-2011-4133
EPSS 0.13%moodle - several
發布日:2022/5/13修改日:2026/3/9
描述
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.
受影響套件(2)
- Debian/moodlefrom 0, < 1.9.9.dfsg2-2.1+squeeze1
- Packagist/moodle/moodle>= 1.9.0, < 1.9.11
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-4133
- PATCHhttps://github.com/moodle/moodle
- WEBhttp://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f031d5431c1204197b1482fd6c63bc87a19a476
- WEBhttp://git.moodle.org/gw?p=moodle.git;a=commit;h=8f031d5431c1204197b1482fd6c63bc87a19a476
- WEBhttp://moodle.org/mod/forum/discuss.php?d=170002
- WEBhttp://openwall.com/lists/oss-security/2011/11/14/1