CVE-2020-36633 – moodle-block_sitenews block_sitenews.php get_content cross-site request forgery

https://notcve.org/view.php?id=CVE-2020-36633

A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. • https://github.com/eberhardt/moodle-block_sitenews/commit/cd18d8b1afe464ae6626832496f4e070bac4c58f https://github.com/eberhardt/moodle-block_sitenews/pull/5 https://github.com/eberhardt/moodle-block_sitenews/releases/tag/v1.1 https://vuldb.com/?ctiid.216879 https://vuldb.com/?id.216879 • CWE-352: Cross-Site Request Forgery (CSRF) •