Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
Remediation
References
Related Vulnerabilities
silverstripeCMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-25817)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12466)
MySQL CVE-2016-0656 Vulnerability (CVE-2016-0656)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.127.3)