Description
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
Remediation
References
Related Vulnerabilities
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9866)
Joomla Improper Certificate Validation Vulnerability (CVE-2017-11364)
WordPress Plugin Limit Login Attempts Reloaded Security Bypass (2.7.4)
Play Framework Uncontrolled Recursion Vulnerability (CVE-2020-26883)
concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958)