A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the sites URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.