-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability exists in two key areas: 1) importnow.php executed critical import functionality without validating() the session token via require_sesskey(), making CSRF trivial. 2) The settings interface created an actionable 'import now' link without including the sesskey parameter, allowing attackers to construct malicious links. The patch added sesskey validation in importnow.php and tokenized the link in settings.php, confirming these as the vulnerable points.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 2.4.9 | 2.4.9 |
| moodle/moodle | composer | >= 2.5.0, < 2.5.5 | 2.5.5 |
| moodle/moodle | composer | >= 2.6.0, < 2.6.2 | 2.6.2 |
A Semantic Attack on Google Gemini - Read the Latest Research