WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-25982)

Description

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

Remediation

References

Related Vulnerabilities

Python NULL Pointer Dereference Vulnerability (CVE-2019-5010)

Oracle JRE CVE-2012-5086 Vulnerability (CVE-2012-5086)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2694)

Jenkins Insufficient Verification of Data Authenticity Vulnerability (CVE-2015-7539)

WordPress Plugin YITH WooCommerce Wishlist SQL Injection (2.1.2)

Severity

High

Classification

CVE-2024-25982 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities