CVE-2010-2231
EUVD-2010-224528.06.2010, 17:30
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | 𝑥 ≤ 1.8.12 |
| moodle | moodle | 1.1.1 |
| moodle | moodle | 1.2.0 |
| moodle | moodle | 1.2.1 |
| moodle | moodle | 1.3.0 |
| moodle | moodle | 1.3.1 |
| moodle | moodle | 1.3.2 |
| moodle | moodle | 1.3.3 |
| moodle | moodle | 1.3.4 |
| moodle | moodle | 1.4.1 |
| moodle | moodle | 1.4.2 |
| moodle | moodle | 1.4.3 |
| moodle | moodle | 1.4.4 |
| moodle | moodle | 1.4.5 |
| moodle | moodle | 1.5 |
| moodle | moodle | 1.5.0:beta |
| moodle | moodle | 1.5.1 |
| moodle | moodle | 1.5.2 |
| moodle | moodle | 1.5.3 |
| moodle | moodle | 1.6.0 |
| moodle | moodle | 1.6.1 |
| moodle | moodle | 1.6.2 |
| moodle | moodle | 1.6.3 |
| moodle | moodle | 1.6.4 |
| moodle | moodle | 1.6.5 |
| moodle | moodle | 1.6.6 |
| moodle | moodle | 1.6.7 |
| moodle | moodle | 1.6.8 |
| moodle | moodle | 1.7.1 |
| moodle | moodle | 1.7.2 |
| moodle | moodle | 1.7.3 |
| moodle | moodle | 1.7.4 |
| moodle | moodle | 1.7.5 |
| moodle | moodle | 1.7.6 |
| moodle | moodle | 1.8.1 |
| moodle | moodle | 1.8.2 |
| moodle | moodle | 1.8.3 |
| moodle | moodle | 1.8.4 |
| moodle | moodle | 1.8.5 |
| moodle | moodle | 1.8.6 |
| moodle | moodle | 1.8.7 |
| moodle | moodle | 1.8.8 |
| moodle | moodle | 1.8.9 |
| moodle | moodle | 1.8.10 |
| moodle | moodle | 1.8.11 |
| moodle | moodle | 1.9.1 |
| moodle | moodle | 1.9.2 |
| moodle | moodle | 1.9.3 |
| moodle | moodle | 1.9.4 |
| moodle | moodle | 1.9.5 |
| moodle | moodle | 1.9.6 |
| moodle | moodle | 1.9.7 |
| moodle | moodle | 1.9.8 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References