CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.8%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2022-45149

Moodle » Moodle » Version: 3.11.0

cpe:2.3:a:moodle:moodle:3.11.0
Moodle » Moodle » Version: 3.11.1

cpe:2.3:a:moodle:moodle:3.11.1
Moodle » Moodle » Version: 3.11.10

cpe:2.3:a:moodle:moodle:3.11.10
Moodle » Moodle » Version: 3.11.2

cpe:2.3:a:moodle:moodle:3.11.2
Moodle » Moodle » Version: 3.11.3

cpe:2.3:a:moodle:moodle:3.11.3
Moodle » Moodle » Version: 3.11.4

cpe:2.3:a:moodle:moodle:3.11.4
Moodle » Moodle » Version: 3.11.5

cpe:2.3:a:moodle:moodle:3.11.5
Moodle » Moodle » Version: 3.11.6

cpe:2.3:a:moodle:moodle:3.11.6
Moodle » Moodle » Version: 3.11.7

cpe:2.3:a:moodle:moodle:3.11.7
Moodle » Moodle » Version: 3.11.8

cpe:2.3:a:moodle:moodle:3.11.8
Moodle » Moodle » Version: 3.11.9

cpe:2.3:a:moodle:moodle:3.11.9
Moodle » Moodle » Version: 3.9.0

cpe:2.3:a:moodle:moodle:3.9.0
Moodle » Moodle » Version: 3.9.1

cpe:2.3:a:moodle:moodle:3.9.1
Moodle » Moodle » Version: 3.9.10

cpe:2.3:a:moodle:moodle:3.9.10
Moodle » Moodle » Version: 3.9.11

cpe:2.3:a:moodle:moodle:3.9.11
Moodle » Moodle » Version: 3.9.12

cpe:2.3:a:moodle:moodle:3.9.12
Moodle » Moodle » Version: 3.9.13

cpe:2.3:a:moodle:moodle:3.9.13
Moodle » Moodle » Version: 3.9.14

cpe:2.3:a:moodle:moodle:3.9.14
Moodle » Moodle » Version: 3.9.15

cpe:2.3:a:moodle:moodle:3.9.15
Moodle » Moodle » Version: 3.9.16

cpe:2.3:a:moodle:moodle:3.9.16
Moodle » Moodle » Version: 3.9.17

cpe:2.3:a:moodle:moodle:3.9.17
Moodle » Moodle » Version: 3.9.2

cpe:2.3:a:moodle:moodle:3.9.2
Moodle » Moodle » Version: 3.9.3

cpe:2.3:a:moodle:moodle:3.9.3
Moodle » Moodle » Version: 3.9.4

cpe:2.3:a:moodle:moodle:3.9.4
Moodle » Moodle » Version: 3.9.5

cpe:2.3:a:moodle:moodle:3.9.5
Moodle » Moodle » Version: 3.9.6

cpe:2.3:a:moodle:moodle:3.9.6
Moodle » Moodle » Version: 3.9.7

cpe:2.3:a:moodle:moodle:3.9.7
Moodle » Moodle » Version: 3.9.8

cpe:2.3:a:moodle:moodle:3.9.8
Moodle » Moodle » Version: 3.9.9

cpe:2.3:a:moodle:moodle:3.9.9
Moodle » Moodle » Version: 4.0.0

cpe:2.3:a:moodle:moodle:4.0.0
Moodle » Moodle » Version: 4.0.1

cpe:2.3:a:moodle:moodle:4.0.1
Moodle » Moodle » Version: 4.0.2

cpe:2.3:a:moodle:moodle:4.0.2
Moodle » Moodle » Version: 4.0.3

cpe:2.3:a:moodle:moodle:4.0.3
Fedoraproject » Fedora » Version: 35

cpe:2.3:o:fedoraproject:fedora:35
Fedoraproject » Fedora » Version: 36

cpe:2.3:o:fedoraproject:fedora:36
Fedoraproject » Fedora » Version: 37

cpe:2.3:o:fedoraproject:fedora:37

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-45149

Products

Pricing

Contact Us