Tyler William Thomas

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.3.11 Moodle versions 2.4.x before 2.4.9 Moodle versions 2.5.x before 2.5.5 Moodle versions 2.6.x before 2.6.2 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file. This occurs due to a vulnerability in the enrol/imsenterprise/importnow.php file. **Recommendations** For versions prior to 2.3.11, update to version 2.3.11 or later. For versions 2.4.x before 2.4.9, update to version 2.4.9 or later. For versions 2.5.x before 2.5.5, update to version 2.5.5 or later. For versions 2.6.x before 2.6.2, update to version 2.6.2 or later.