CSRF Vulnerability in Moodle Allows Unauthorized Configuration Changes

CSRF Vulnerability in Moodle Allows Unauthorized Configuration Changes

CVE-2017-7491 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

Learn more about our Web Application Penetration Testing UK.