
Lukas Schmidt

#50930 of 53,638
4.3 CVSS total
Vulnerabilities · 1
PT-2017-17768
4.3
2017-05-15
Moodle · Moodle · CVE-2017-7491
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.x through 3.x

**Description**
A CSRF attack is possible, allowing attackers to change the configuration setting for the number of courses displayed in the course overview block.

**Recommendations**
For Moodle versions 2.x through 3.x, update the configuration to restrict access to the course overview block settings to prevent unauthorized changes. As a temporary workaround, consider disabling the course overview block until a patch is available. Restrict access to the configuration settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.