CVE-2010-2231
28.06.2010, 17:30
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | 𝑥 ≤ 1.8.12 |
| moodle | moodle | 1.1.1 |
| moodle | moodle | 1.2.0 |
| moodle | moodle | 1.2.1 |
| moodle | moodle | 1.3.0 |
| moodle | moodle | 1.3.1 |
| moodle | moodle | 1.3.2 |
| moodle | moodle | 1.3.3 |
| moodle | moodle | 1.3.4 |
| moodle | moodle | 1.4.1 |
| moodle | moodle | 1.4.2 |
| moodle | moodle | 1.4.3 |
| moodle | moodle | 1.4.4 |
| moodle | moodle | 1.4.5 |
| moodle | moodle | 1.5 |
| moodle | moodle | 1.5.0:beta |
| moodle | moodle | 1.5.1 |
| moodle | moodle | 1.5.2 |
| moodle | moodle | 1.5.3 |
| moodle | moodle | 1.6.0 |
| moodle | moodle | 1.6.1 |
| moodle | moodle | 1.6.2 |
| moodle | moodle | 1.6.3 |
| moodle | moodle | 1.6.4 |
| moodle | moodle | 1.6.5 |
| moodle | moodle | 1.6.6 |
| moodle | moodle | 1.6.7 |
| moodle | moodle | 1.6.8 |
| moodle | moodle | 1.7.1 |
| moodle | moodle | 1.7.2 |
| moodle | moodle | 1.7.3 |
| moodle | moodle | 1.7.4 |
| moodle | moodle | 1.7.5 |
| moodle | moodle | 1.7.6 |
| moodle | moodle | 1.8.1 |
| moodle | moodle | 1.8.2 |
| moodle | moodle | 1.8.3 |
| moodle | moodle | 1.8.4 |
| moodle | moodle | 1.8.5 |
| moodle | moodle | 1.8.6 |
| moodle | moodle | 1.8.7 |
| moodle | moodle | 1.8.8 |
| moodle | moodle | 1.8.9 |
| moodle | moodle | 1.8.10 |
| moodle | moodle | 1.8.11 |
| moodle | moodle | 1.9.1 |
| moodle | moodle | 1.9.2 |
| moodle | moodle | 1.9.3 |
| moodle | moodle | 1.9.4 |
| moodle | moodle | 1.9.5 |
| moodle | moodle | 1.9.6 |
| moodle | moodle | 1.9.7 |
| moodle | moodle | 1.9.8 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References