| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 2.5.9 | 2.5.9 |
| moodle/moodle | composer | >= 2.6.0, < 2.6.6 | 2.6.6 |
| moodle/moodle | composer | >= 2.7.0, < 2.7.3 | 2.7.3 |
The vulnerability stems from missing CSRF protections (sesskey checks) in two endpoints. The GitHub patch shows that `require_sesskey()` was added at the entry point of both files. Before the fix, these scripts performed privileged actions without verifying that the request carried the session key proving it was issued from the user's own authenticated session, so a third-party page could forge such requests on a logged-in user's behalf. The commit message and the CVE description explicitly identify these endpoints as vulnerable. The modifications to return.php further show that session key validation was added to related functionality.
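To make the fix concrete, the following is an added illustration, not Moodle's own code and not the patched endpoints: a minimal PHP re-creation of the sesskey pattern that Moodle's `require_sesskey()` enforces (a per-session random token that the site's own forms echo back, checked before any state-changing action). The function names `issue_sesskey`, `confirm_sesskey_demo`, `require_sesskey_demo`, `delete_item_vulnerable` and `delete_item_fixed`, the `$session`/`$request` arrays and the item list are all assumptions so that the script runs from the command line without a web server.

```php
<?php
// Added illustration (not Moodle code): the anti-CSRF "sesskey" pattern.
// A per-session random token is issued once, embedded in the site's own
// forms and links, and every state-changing request must echo it back.
// A request forged by another site carries the victim's cookies, and hence a
// valid session, but cannot know the token, so the check fails closed.
// All names and the $session/$request arrays below are assumptions for a
// CLI-runnable demo.

declare(strict_types=1);

/** Issue (or reuse) the per-session token. */
function issue_sesskey(array &$session): string
{
    if (!isset($session['sesskey'])) {
        $session['sesskey'] = bin2hex(random_bytes(16));
    }
    return $session['sesskey'];
}

/** Constant-time comparison of the submitted token with the session's. */
function confirm_sesskey_demo(array $session, array $request): bool
{
    if (!isset($session['sesskey'], $request['sesskey'])) {
        return false;
    }
    return hash_equals($session['sesskey'], (string) $request['sesskey']);
}

/** Throws on a missing or wrong token, mirroring require_sesskey()'s fail-closed behaviour. */
function require_sesskey_demo(array $session, array $request): void
{
    if (!confirm_sesskey_demo($session, $request)) {
        throw new RuntimeException('Invalid session key (possible CSRF attempt)');
    }
}

/** BEFORE the fix: a logged-in check alone does not stop a forged request. */
function delete_item_vulnerable(array $session, array $request, array &$items): bool
{
    if (empty($session['userid'])) {
        return false; // not logged in
    }
    unset($items[$request['id']]); // privileged action with no sesskey check
    return true;
}

/** AFTER the fix: the same handler with the session key check added first. */
function delete_item_fixed(array $session, array $request, array &$items): bool
{
    if (empty($session['userid'])) {
        return false;
    }
    require_sesskey_demo($session, $request); // the one-line fix
    unset($items[$request['id']]);
    return true;
}

// --- Constructed scenario --------------------------------------------------
$session = ['userid' => 42];                      // constructed logged-in session
$items   = ['a' => 'course A', 'b' => 'course B']; // constructed protected data
issue_sesskey($session);

// A forged cross-site request: valid session (cookies are sent), no sesskey.
$forged = ['id' => 'a'];
delete_item_vulnerable($session, $forged, $items);
printf("vulnerable handler, forged request: %d item(s) left\n", count($items));

$items = ['a' => 'course A', 'b' => 'course B'];
try {
    delete_item_fixed($session, $forged, $items);
} catch (RuntimeException $e) {
    echo "fixed handler, forged request: rejected ({$e->getMessage()})\n";
}
printf("fixed handler, forged request: %d item(s) left\n", count($items));

// A legitimate request from the site's own form includes the token.
$legit = ['id' => 'a', 'sesskey' => $session['sesskey']];
delete_item_fixed($session, $legit, $items);
printf("fixed handler, legitimate request: %d item(s) left\n", count($items));
```

Run with `php demo.php`: the vulnerable handler deletes the item on the forged request, the fixed handler rejects it and leaves the data intact, and the legitimate request that carries the token still succeeds. The design points worth copying are that the token is checked before the privileged action rather than after, the comparison uses `hash_equals` to avoid timing leaks, and a missing token is treated the same as a wrong one.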