Description
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.
Remediation
References
Related Vulnerabilities
WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Open Redirect (4.0)
Oracle JRE CVE-2023-22049 Vulnerability (CVE-2023-22049)
MySQL CVE-2021-2356 Vulnerability (CVE-2021-2356)
MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-7305)
Claroline Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4844)