CVE-2011-4281 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.

Reference

http://git.moodle.org/gw?p=moodle.git;a=commit;h=9cedb80c5d6318aa17cd66912d37e6ef3dca9455 http://moodle.org/mod/forum/discuss.php?d=170006 http://openwall.com/lists/oss-security/2011/11/14/1