Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-24T11:00:00

Updated: 2024-08-06T13:03:27.416Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7836

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-11-24T11:59:06.947

Modified: 2024-11-21T02:18:06.540

Link: CVE-2014-7836

cve-icon Redhat

No data.