Description
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3243 Vulnerability (CVE-2017-3243)
PHP Numeric Errors Vulnerability (CVE-2011-1092)
WordPress Plugin Improved user search in backend Cross-Site Request Forgery (1.2.4)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.6)
Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)