Moodle Cross-Site Request Forgery Vulnerability Allowing Unauthorized Tour Duplication

Vulnerability

A cross-site request forgery (CSRF) vulnerability in Moodle's User Tours Manager allows an attacker to make an already logged-in user who is permitted to manage tours (typically an administrator) duplicate an existing tour without intending to, for example by having that user visit a crafted page that issues the duplication request to the Moodle site. The issue arises because the tour duplication action did not check a session key (CSRF token) before changing state, so the request was authorised by the victim's session cookie alone.
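The following is an added illustration of the class of defect described above; it is not Moodle's own User Tours code. It shows a state-changing admin action guarded only by `require_login()` and a capability check, beside the hardened form that calls Moodle's `require_sesskey()` and places `sesskey()` in the link that triggers the action. The script path, the `tool_example_tours` table, its `name` column and the capability name `tool/example:managetours` are assumptions made for the illustration.

```php
<?php
// Added illustration, not Moodle's code. The script location, table name,
// column names and capability name below are assumptions.
require_once(__DIR__ . '/../../../config.php');   // admin/tool/example/manage.php

$action = optional_param('action', '', PARAM_ALPHA);
$tourid = optional_param('id', 0, PARAM_INT);

require_login();
$context = context_system::instance();
require_capability('tool/example:managetours', $context);  // assumed capability
$PAGE->set_context($context);
$PAGE->set_url(new moodle_url('/admin/tool/example/manage.php'));

/**
 * Copy one row of the (assumed) tour table and return the new id.
 * This is the state change that must only happen for a request the
 * user deliberately made.
 */
function copy_tour(int $tourid): int {
    global $DB;
    $tour = $DB->get_record('tool_example_tours', ['id' => $tourid], '*', MUST_EXIST);
    $copy = clone $tour;
    unset($copy->id);
    $copy->name = $tour->name . ' (copy)';
    return $DB->insert_record('tool_example_tours', $copy);
}

// VULNERABLE PATTERN (what a missing token check looks like):
// the browser sends the Moodle session cookie automatically, so any page the
// logged-in manager visits can trigger this with something like
//   <img src="https://moodle.example/admin/tool/example/manage.php?action=duplicate&id=1">
// and the copy is created under the victim's account.
//
//   if ($action === 'duplicate') {
//       copy_tour($tourid);
//       redirect($PAGE->url);
//   }

// HARDENED PATTERN: require_sesskey() throws unless the request carries a
// 'sesskey' parameter equal to the current session's key. A cross-site page
// cannot read that value, so a forged request is rejected before any change.
if ($action === 'duplicate') {
    require_sesskey();
    copy_tour($tourid);
    redirect($PAGE->url, get_string('changessaved'));
}

// Every link or form that reaches the action must carry the key.
// sesskey() returns the key for the current session.
$duplicatelink = new moodle_url('/admin/tool/example/manage.php', [
    'action'  => 'duplicate',
    'id'      => $tourid,
    'sesskey' => sesskey(),
]);

echo $OUTPUT->header();
echo html_writer::link($duplicatelink, 'Duplicate this tour');
echo $OUTPUT->footer();
```

When reviewing Moodle code for this class of issue, look for any branch that writes to the database or changes configuration in response to a request parameter and confirm that `require_sesskey()` (or `confirm_sesskey()`, which returns a boolean instead of throwing) runs before the write; forms built with `moodleform` add and check the key automatically, but hand-built action links do not.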

Impact

Exploitation of this vulnerability allows unauthorized duplication of user tours in Moodle. Because the forged request is processed within the victim's session, the duplicate tour is created with that user's privileges and is recorded as if the user had created it deliberately.

Remediation

Site administrators should upgrade to Moodle 4.5.4, 4.4.8, 4.3.12, or 4.1.18 (or later in the respective branch) to address this vulnerability. Sites on branches that no longer receive security fixes should move to a supported branch.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.