Description

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

Remediation

References

CVE-2019-10186

Related Vulnerabilities

WordPress Plugin Count per Day SQL Injection (3.4)

Envoy Proxy CVE-2019-18802 Vulnerability (CVE-2019-18802)

Oracle Application Server CVE-2009-1009 Vulnerability (CVE-2009-1009)

WordPress Plugin Better WordPress reCAPTCHA (with no CAPTCHA reCAPTCHA) Cross-Site Scripting (2.0.3)

WordPress Plugin Windows Desktop and iPhone Photo Uploader Arbitrary File Upload (1.8)

Severity

High

Classification

CVE-2019-10186 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities