Main
Vulnerability Database
Exploits
ID:226 - Exploit for Cross-site request forgery in Moodle - CVE-2018-16854
ID:226 - Exploit for Cross-site request forgery in Moodle - CVE-2018-16854
Published: March 18, 2020
Vulnerability identifier: #VU16009
Vulnerability risk: Low
CVE-ID: CVE-2018-16854
CWE-ID: CWE-352
Exploitation vector: Remote access
Vulnerable software:
Moodle
Moodle
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated attacker to perform CSRF attack.
The weakness exists in the web-based management interface due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
The weakness exists in the web-based management interface due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
Remediation
The vulnerability has been fixed in the versions 3.6, 3.5.3, 3.4.6, 3.3.9, 3.1.15.