Security Announcements

 
 
Picture of Helen Foster
MSA-10-0013: Potential Cross Site Request Forgery vulnerability in Quiz reports
 
Topic: Potential Cross Site Request Forgery in Quiz reports
Severity/Risk: Major
Versions affected: <1.8.13 and <1.9.9
Reported by: Petr Skoda
Issue no.: MDL-21688
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: apply patch
http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51


Description:
Only limited validation was being done for one of the parameters, allowing unauthorised deletion of attempts in some instances.