Description
A flaw was found in Moodle versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the token check needed to prevent cross-site request forgery (CSRF).
Remediation
References
Related Vulnerabilities
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5539)
Oracle JRE CVE-2013-2445 Vulnerability (CVE-2013-2445)
WordPress Plugin Import CSV Directory Traversal (1.0)
SharePoint CVE-2022-21987 Vulnerability (CVE-2022-21987)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)