CVE-2022-45149: 
PHP vulnerability analysis and mitigation

CVE-2022-45149 is a vulnerability discovered in Moodle's course restore functionality. The vulnerability was identified when a user's CSRF (Cross-Site Request Forgery) token was unnecessarily included in the URL when being redirected to a course they have just restored. The issue affects Moodle versions 4.0 to 4.0.4, 3.11 to 3.11.10, 3.9 to 3.9.17, and earlier unsupported versions. The vulnerability was disclosed on November 21, 2022 (Moodle Forum).

The vulnerability stems from insufficient validation of the HTTP request origin in course redirect URL. The flaw involves the exposure of a user's CSRF token (Moodle sesskey) in the URL during course restoration redirects. This vulnerability has been classified as CWE-352, which is related to Cross-Site Request Forgery (CSRF) issues (CVE Mitre).

The vulnerability could allow a remote attacker to trick victims into visiting specially crafted web pages and perform arbitrary actions on their behalf on the vulnerable website. This enables potential cross-site request forgery attacks against affected Moodle installations (CVE Mitre).

The vulnerability has been fixed in Moodle versions 4.0.5, 3.11.11, and 3.9.18. Users are advised to upgrade to these patched versions to mitigate the risk. The fix was implemented through a commit addressing the MDL-75862 issue (Moodle Forum).