| Topic: | Potential Cross Site Request Forgery in Quiz reports |
| Severity/Risk: | Major |
| Versions affected: | <1.8.13 and <1.9.9 |
| Reported by: | Petr Skoda |
| Issue no.: | MDL-21688 |
| Solution: | upgrade to 1.8.13 or 1.9.9 |
| Workaround: | apply patch http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51 |
Description:
Only limited validation was being done for one of the parameters, allowing unauthorised deletion of attempts in some instances.