CNNVD-202506-3123 Information

CNNVD ID

CNNVD-202506-3123

Related CVE

CVE-2025-53021

• CNNVD Published: 2025-06-24

Description (Chinese)

Moodle是Moodle开源的一套免费的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 3.x至3.11.18版本存在授权问题漏洞，该漏洞源于会话固定漏洞允许未经验证的攻击者通过sesskey参数劫持用户会话。

Description (English)

Moodle is an open-source, free-of-charge e-learning platform known as the curriculum management system, the learning management system or the virtual learning environment. Moodle 3.x to 3.11.18 has a mandate gap, which stems from a fixed gap in the conversation that allows uncertified assailants to hijack a user session through sesskey parameters.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

MoonShine

Published

2025-06-24

Last Modified

2026-02-24

References

https://github.com/moodle/moodle/releases/tag/v3.11.18 https://moodledev.io/general/releases#moodle-311 https://rentry.co/moodle-oauth2-cve

Patch

https://github.com/moodle/moodle/tags