CVE-2017-7491

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt