CSRF Vulnerability in Moodle's Delete Related Badge Functionality

CVE-2021-43559 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
