Moodle · Moodle · CVE-2017-7491
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.x through 3.x
**Description**
A cross-site request forgery (CSRF) attack is possible, allowing an attacker to change the configuration setting for the number of courses displayed in the course overview block.
**Recommendations**
For Moodle versions 2.x through 3.x, update the configuration to restrict access to the course overview block settings to prevent unauthorized changes.
As a temporary workaround, consider disabling the course overview block until a patch is available.
Restrict access to the configuration settings to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.