Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-11-24T11:00:00
Updated: 2024-08-06T13:03:27.416Z
Reserved: 2014-10-03T00:00:00
Link: CVE-2014-7836
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-11-24T11:59:06.947
Modified: 2020-12-01T14:54:45.183
Link: CVE-2014-7836
Redhat
No data.