CVE-2011-4133
moodle - several
EPSS 0.13%
Description
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.
How to fix CVE-2011-4133
To remediate CVE-2011-4133, upgrade the affected package to one of the fixed versions listed below.
- Debian/moodle: upgrade to 1.9.9.dfsg2-2.1+squeeze1 or later
- Packagist/moodle/moodle: upgrade to 1.9.11 or later
Is CVE-2011-4133 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/moodle: from 0, < 1.9.9.dfsg2-2.1+squeeze1
- Packagist/moodle/moodle: >= 1.9.0, < 1.9.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U |