FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

moodle -- Login CSRF vulnerability

Affected packages
		moodle31	<	3.1.15
		moodle33	<	3.3.9
		moodle34	<	3.4.6
		moodle35	<	3.5.3

Details

VuXML ID	889e35f4-f6a0-11e8-82dc-fcaa147e860e
Discovery	2018-11-06
Entry	2018-12-03

moodle reports:

The login form is not protected by a token to prevent login cross-site request forgery.

[source]

References

CVE Name	CVE-2018-16854
URL	https://moodle.org/mod/forum/discuss.php?d=378731

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.