Topic: Potential Cross Site Request Forgery in Quiz reports
Severity/Risk: Major
Versions affected: <1.8.13 and <1.9.9
Reported by: Petr Skoda
Issue no.: MDL-21688
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: apply patch http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51
Description:
Only limited validation was being done for one of the parameters, allowing unauthorised deletion of attempts in some instances.