Description
A flaw was found in Moodle before versions 3.7.1, 3.6.5 and 3.5.7. The XML loading/unloading admin tool did not use a sesskey (CSRF) token.