Description
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.
Remediation
References
Related Vulnerabilities
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-35030)
WordPress Plugin Share Possible Remote Code Execution (1.0)
WordPress Plugin WP Shieldon-WordPress Firewall Cross-Site Scripting (1.6.3)
WordPress Plugin TAKETIN To WP Membership PHP Object Injection (1.2.7)
RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2018-1000074)