CVE-2014-7836
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| moodle/moodle (Packagist) | < 2.5.9 | 2.5.9 |
| moodle/moodle (Packagist) | >= 2.6.0, < 2.6.6 | 2.6.6 |
| moodle/moodle (Packagist) | >= 2.7.0, < 2.7.3 | 2.7.3 |
Affected products
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.4.11
- cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
Patches
48ea41c48f3d MDL-47924 mod_lti: Fixing missing sesskey checking
3 files changed · +19 −9
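--- a/mod/lti/instructor_edit_tool_type.php
+++ b/mod/lti/instructor_edit_tool_type.php
@@ -37,6 +37,8 @@
 $action = optional_param('action', null, PARAM_TEXT);
 $typeid = optional_param('typeid', null, PARAM_INT);
+require_sesskey();
+
 require_capability('mod/lti:addcoursetool', context_course::instance($courseid));
 if (!empty($typeid)) {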
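Review bot: `require_sesskey()` is placed unconditionally ahead of `require_capability`, so every request to this script, presumably including the one that first renders the add/edit form and not only the submission that saves it, must now carry a valid sesskey. The commit updates the link in return.php, but any other entry point linking here is outside this diff and would need the same `'sesskey' => sesskey()` parameter on its `moodle_url`, or users will be rejected before reaching the form. If only the state-changing path needs protection, the check could instead sit next to the code that processes the submitted data; that code and the script's prologue are outside the hunk. The same placement is used in the backports babaf596e10e, bac38b11ab95 and 75d7e25198ee.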
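--- a/mod/lti/request_tool.php
+++ b/mod/lti/request_tool.php
@@ -35,6 +35,8 @@
 require_login($course);
+require_sesskey();
+
 require_capability('mod/lti:requesttooladd', context_course::instance($lti->course));
 $baseurl = lti_get_domain_from_url($lti->toolurl);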
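Review bot: The check is correctly ordered after `require_login($course)`, but return.php now reaches this script through a plain link carrying the sesskey in the query string, so the token lands in browser history, proxy and web-server logs, and the action is still performed on a GET. Rendering that link as a POST button (`$OUTPUT->single_button($adminrequesturl, $label)`) would keep the sesskey in the request body and make the state change explicit; what the script does after this point is outside the hunk. The same applies to the backports babaf596e10e, bac38b11ab95 and 75d7e25198ee.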
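--- a/mod/lti/return.php
+++ b/mod/lti/return.php
@@ -61,21 +61,27 @@
 echo htmlspecialchars($errormsg);
- $canaddtools = has_capability('mod/lti:addcoursetool', context_course::instance($courseid));
+ if ($unsigned == 1) {
- if ($unsigned == 1 && $canaddtools) {
 echo '<br /><br />';
- $links = new stdClass();
- $coursetooleditor = new moodle_url('/mod/lti/instructor_edit_tool_type.php', array('course' => $courseid, 'action' => 'add'));
- $links->course_tool_editor = $coursetooleditor->out(false);
+ $coursecontext = context_course::instance($courseid);
+
+ if (has_capability('mod/lti:addcoursetool', $coursecontext)) {
+ $coursetooleditor = new moodle_url('/mod/lti/instructor_edit_tool_type.php',
+ array('course' => $courseid, 'action' => 'add', 'sesskey' => sesskey()));
+ $links->course_tool_editor = $coursetooleditor->out(false);
- $adminrequesturl = new moodle_url('/mod/lti/request_tool.php', array('instanceid' => $instanceid));
- $links->admin_request_url = $adminrequesturl->out(false);
+ echo get_string('lti_launch_error_unsigned_help', 'lti', $links);
+ }
- echo get_string('lti_launch_error_unsigned_help', 'lti', $links);
+ if (has_capability('mod/lti:requesttooladd', $coursecontext)) {
+ $adminrequesturl = new moodle_url('/mod/lti/request_tool.php',
+ array('instanceid' => $instanceid, 'sesskey' => sesskey()));
+ $links->admin_request_url = $adminrequesturl->out(false);
- echo get_string('lti_launch_error_tool_request', 'lti', $links);
+ echo get_string('lti_launch_error_tool_request', 'lti', $links);
+ }
 }
 echo $OUTPUT->footer();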
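Review bot: The removed `$links = new stdClass();` has no replacement anywhere in the hunk, yet both new capability branches assign `$links->course_tool_editor` and `$links->admin_request_url`; unless `$links` is initialised above line 61, outside the hunk, these writes hit an undefined variable, which PHP 5/7 turns into an implicit stdClass with a warning and PHP 8 rejects with an Error. Adding `$links = new stdClass();` directly after `$coursecontext = context_course::instance($courseid);` keeps both branches safe regardless of which capability the user holds. The `if ($unsigned == 1)` block closes inside the hunk, but the script continues beyond it. The same removal appears in the backports babaf596e10e, bac38b11ab95 and 75d7e25198ee, where `$contextcourse` plays the same role.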
babaf596e10e MDL-47924 mod_lti: Fixing missing sesskey checkings
3 files changed · +16 −9
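--- a/mod/lti/instructor_edit_tool_type.php
+++ b/mod/lti/instructor_edit_tool_type.php
@@ -36,6 +36,8 @@
 $action = optional_param('action', null, PARAM_TEXT);
 $typeid = optional_param('typeid', null, PARAM_INT);
+require_sesskey();
+
 require_capability('mod/lti:addcoursetool', context_course::instance($courseid));
 if (!empty($typeid)) {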
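--- a/mod/lti/request_tool.php
+++ b/mod/lti/request_tool.php
@@ -36,6 +36,8 @@
 require_login($course);
+require_sesskey();
+
 require_capability('mod/lti:requesttooladd', context_course::instance($lti->course));
 $baseurl = lti_get_domain_from_url($lti->toolurl);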
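--- a/mod/lti/return.php
+++ b/mod/lti/return.php
@@ -74,21 +74,24 @@
 echo htmlspecialchars($errormsg);
- $canaddtools = has_capability('mod/lti:addcoursetool', context_course::instance($courseid));
+ if ($unsigned == 1) {
- if ($unsigned == 1 && $canaddtools) {
+ $contextcourse = context_course::instance($courseid);
 echo '<br /><br />';
- $links = new stdClass();
- $coursetooleditor = new moodle_url('/mod/lti/instructor_edit_tool_type.php',
- array('course' => $courseid, 'action' => 'add'));
- $links->course_tool_editor = $coursetooleditor->out(false);
- echo get_string('lti_launch_error_unsigned_help', 'lti', $links);
+ if (has_capability('mod/lti:addcoursetool', $contextcourse)) {
+ $coursetooleditor = new moodle_url('/mod/lti/instructor_edit_tool_type.php',
+ array('course' => $courseid, 'action' => 'add', 'sesskey' => sesskey()));
+ $links->course_tool_editor = $coursetooleditor->out(false);
+
+ echo get_string('lti_launch_error_unsigned_help', 'lti', $links);
+ }
- if (!empty($lti)) {
- $adminrequesturl = new moodle_url('/mod/lti/request_tool.php', array('instanceid' => $lti->id));
+ if (!empty($lti) && has_capability('mod/lti:requesttooladd', $contextcourse)) {
+ $adminrequesturl = new moodle_url('/mod/lti/request_tool.php', array('instanceid' => $lti->id, 'sesskey' => sesskey()));
 $links->admin_request_url = $adminrequesturl->out(false);
+ echo get_string('lti_launch_error_tool_request', 'lti', $links);
 }
 }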
bac38b11ab95 MDL-47924 mod_lti: Fixing missing sesskey checkings
3 files changed · +16 −8
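--- a/mod/lti/instructor_edit_tool_type.php
+++ b/mod/lti/instructor_edit_tool_type.php
@@ -36,6 +36,8 @@
 $action = optional_param('action', null, PARAM_TEXT);
 $typeid = optional_param('typeid', null, PARAM_INT);
+require_sesskey();
+
 require_capability('mod/lti:addcoursetool', context_course::instance($courseid));
 if (!empty($typeid)) {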
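--- a/mod/lti/request_tool.php
+++ b/mod/lti/request_tool.php
@@ -36,6 +36,8 @@
 require_login($course);
+require_sesskey();
+
 require_capability('mod/lti:requesttooladd', context_course::instance($lti->course));
 $baseurl = lti_get_domain_from_url($lti->toolurl);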
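--- a/mod/lti/return.php
+++ b/mod/lti/return.php
@@ -74,20 +74,24 @@
 echo htmlspecialchars($errormsg);
- $canaddtools = has_capability('mod/lti:addcoursetool', context_course::instance($courseid));
+ if ($unsigned == 1) {
- if ($unsigned == 1 && $canaddtools) {
+ $contextcourse = context_course::instance($courseid);
 echo '<br /><br />';
- $links = new stdClass();
- $coursetooleditor = new moodle_url('/mod/lti/instructor_edit_tool_type.php', array('course' => $courseid, 'action' => 'add'));
- $links->course_tool_editor = $coursetooleditor->out(false);
- echo get_string('lti_launch_error_unsigned_help', 'lti', $links);
+ if (has_capability('mod/lti:addcoursetool', $contextcourse)) {
+ $coursetooleditor = new moodle_url('/mod/lti/instructor_edit_tool_type.php',
+ array('course' => $courseid, 'action' => 'add', 'sesskey' => sesskey()));
+ $links->course_tool_editor = $coursetooleditor->out(false);
+
+ echo get_string('lti_launch_error_unsigned_help', 'lti', $links);
+ }
- if (!empty($lti)) {
- $adminrequesturl = new moodle_url('/mod/lti/request_tool.php', array('instanceid' => $lti->id));
+ if (!empty($lti) && has_capability('mod/lti:requesttooladd', $contextcourse)) {
+ $adminrequesturl = new moodle_url('/mod/lti/request_tool.php', array('instanceid' => $lti->id, 'sesskey' => sesskey()));
 $links->admin_request_url = $adminrequesturl->out(false);
+ echo get_string('lti_launch_error_tool_request', 'lti', $links);
 }
 }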
75d7e25198ee MDL-47924 mod_lti: Fixing missing sesskey checkings
3 files changed · +16 −8
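--- a/mod/lti/instructor_edit_tool_type.php
+++ b/mod/lti/instructor_edit_tool_type.php
@@ -37,6 +37,8 @@
 $action = optional_param('action', null, PARAM_TEXT);
 $typeid = optional_param('typeid', null, PARAM_INT);
+require_sesskey();
+
 require_capability('mod/lti:addcoursetool', context_course::instance($courseid));
 if (!empty($typeid)) {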
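--- a/mod/lti/request_tool.php
+++ b/mod/lti/request_tool.php
@@ -37,6 +37,8 @@
 require_login($course);
+require_sesskey();
+
 require_capability('mod/lti:requesttooladd', context_course::instance($lti->course));
 $baseurl = lti_get_domain_from_url($lti->toolurl);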
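--- a/mod/lti/return.php
+++ b/mod/lti/return.php
@@ -75,20 +75,24 @@
 echo htmlspecialchars($errormsg);
- $canaddtools = has_capability('mod/lti:addcoursetool', context_course::instance($courseid));
+ if ($unsigned == 1) {
- if ($unsigned == 1 && $canaddtools) {
+ $contextcourse = context_course::instance($courseid);
 echo '<br /><br />';
- $links = new stdClass();
- $coursetooleditor = new moodle_url('/mod/lti/instructor_edit_tool_type.php', array('course' => $courseid, 'action' => 'add'));
- $links->course_tool_editor = $coursetooleditor->out(false);
- echo get_string('lti_launch_error_unsigned_help', 'lti', $links);
+ if (has_capability('mod/lti:addcoursetool', $contextcourse)) {
+ $coursetooleditor = new moodle_url('/mod/lti/instructor_edit_tool_type.php',
+ array('course' => $courseid, 'action' => 'add', 'sesskey' => sesskey()));
+ $links->course_tool_editor = $coursetooleditor->out(false);
+
+ echo get_string('lti_launch_error_unsigned_help', 'lti', $links);
+ }
- if (!empty($lti)) {
- $adminrequesturl = new moodle_url('/mod/lti/request_tool.php', array('instanceid' => $lti->id));
+ if (!empty($lti) && has_capability('mod/lti:requesttooladd', $contextcourse)) {
+ $adminrequesturl = new moodle_url('/mod/lti/request_tool.php', array('instanceid' => $lti->id, 'sesskey' => sesskey()));
 $links->admin_request_url = $adminrequesturl->out(false);
+ echo get_string('lti_launch_error_tool_request', 'lti', $links);
 }
 }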
References
- github.com/advisories/GHSA-wpq5-q3mj-8f3r (ghsa, ADVISORY)
- moodle.org/mod/forum/discuss.php (nvd, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2014-7836 (ghsa, ADVISORY)
- openwall.com/lists/oss-security/2014/11/17/11 (nvd, WEB)
- github.com/moodle/moodle/commit/48ea41c48f3dcf28fb40fe0b0a1f0c4c0453d34d (ghsa, WEB)
- github.com/moodle/moodle/commit/75d7e25198eeb6255963e2e46212d89b14e05dd7 (ghsa, WEB)
- github.com/moodle/moodle/commit/babaf596e10ee525e58314b36f8063c65b59aa7d (ghsa, WEB)
- github.com/moodle/moodle/commit/bac38b11ab95862a831c6e6e60c03caf64eda599 (ghsa, WEB)
- web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215 (ghsa, WEB)
- www.securitytracker.com/id/1031215 (nvd)