Description
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events SQL Injection (2.3.4)
WordPress Plugin WP-BlipBot Cross-Site Scripting (3.0.9)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2348)
WordPress Plugin User Login Log Cross-Site Scripting (2.2.2)
Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-21809)