CSRF Vulnerability in Moodle's Delete Related Badge Functionality
CVE-2021-43559 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
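The missing check described above, modelled as an added example (not Moodle's code and not part of the original advisory): a state-changing delete handler without a token check beside one that requires the session-bound token. All function names, array keys and sample data are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration, not Moodle code: every function, key and value is hypothetical.

/** Issue (or reuse) the anti-CSRF token stored in the user's server-side session. */
function session_token(array &$session): string {
    if (!isset($session['token'])) {
        $session['token'] = bin2hex(random_bytes(16));
    }
    return $session['token'];
}

/** Flawed shape: a logged-in session plus the ids is enough to change state. */
function delete_related_unchecked(array &$related, array $session, array $params): bool {
    if (empty($session['userid'])) {
        return false;
    }
    unset($related[$params['badgeid']][$params['relatedid']]);
    return true;
}

/** Corrected shape: the request must also carry the session's token. */
function delete_related_checked(array &$related, array $session, array $params): bool {
    $expected = $session['token'] ?? '';
    $sent = $params['token'] ?? '';
    if (empty($session['userid']) || $expected === '' || !is_string($sent)
            || !hash_equals($expected, $sent)) {
        return false; // missing or wrong token: refuse and change nothing
    }
    unset($related[$params['badgeid']][$params['relatedid']]);
    return true;
}

// Constructed sample data: badge 1 is related to badge 2; user 7 is logged in.
$session = ['userid' => 7];
$token = session_token($session);
// A request triggered from another site rides on the session cookie, but that
// site cannot read the token, so the token parameter is absent.
$crosssite = ['badgeid' => 1, 'relatedid' => 2];
$genuine = $crosssite + ['token' => $token];

$a = [1 => [2 => true]];
$b = [1 => [2 => true]];
$c = [1 => [2 => true]];
// Each call prints the handler's result, then whether the relation still exists.
var_dump(delete_related_unchecked($a, $session, $crosssite), isset($a[1][2]));
var_dump(delete_related_checked($b, $session, $crosssite), isset($b[1][2]));
var_dump(delete_related_checked($c, $session, $genuine), isset($c[1][2]));
```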