Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-24T11:00:00

Updated: 2024-08-06T13:03:27.416Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7836

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2014-11-24T11:59:06.947

Modified: 2020-12-01T14:54:45.183

Link: CVE-2014-7836

cve-icon Redhat

No data.