CVE-2011-4133

Published: Jul 16, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.

Affected (10)

Products: Moodle: Moodle

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Version 1.9.10
Moodle Moodle	Version 1.9.1
Moodle Moodle	Version 1.9.2
Moodle Moodle	Version 1.9.3
Moodle Moodle	Version 1.9.4
Moodle Moodle	Version 1.9.5
Moodle Moodle	Version 1.9.6
Moodle Moodle	Version 1.9.7
Moodle Moodle	Version 1.9.8
Moodle Moodle	Version 1.9.9

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f031d5431c1204197b1482fd6c63bc87a19a476

Source: secalert@redhat.com

http://moodle.org/mod/forum/discuss.php?d=170002

Source: secalert@redhat.com

Vendor Advisory

http://openwall.com/lists/oss-security/2011/11/14/1

Source: secalert@redhat.com

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f031d5431c1204197b1482fd6c63bc87a19a476

Source: af854a3a-2127-422b-91ae-364da2661108

http://moodle.org/mod/forum/discuss.php?d=170002

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://openwall.com/lists/oss-security/2011/11/14/1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.