MSA-19-0013: Missing sesskey (CSRF) token in loading/unloading XML files

by Michael Hawkins.  

A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.


Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:Callum Carney
CVE identifier:CVE-2019-10186
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53689
Tracker issue:MDL-53689 Missing sesskey (CSRF) token in loading/unloading xml files

Read more https://moodle.org/mod/forum/discuss.php?d=388567&parent=1566329