PT-2016-1301 · Moodle · Moodle
Andrew Davis
·
Publicado
2015-12-05
·
Atualizado
2022-05-13
·
CVE-2015-5335
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 2.6.11
Moodle versions 2.7.x before 2.7.11
Moodle versions 2.8.x before 2.8.9
Moodle versions 2.9.x before 2.9.3
Description
A cross-site request forgery (CSRF) issue affects the admin/registration/register.php file, allowing remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL. This can enable an attacker to impersonate a user during a session by sending a request with statistics to any URL.
Recommendations
For versions prior to 2.6.11, update to version 2.6.11 or later.
For versions 2.7.x before 2.7.11, update to version 2.7.11 or later.
For versions 2.8.x before 2.8.9, update to version 2.8.9 or later.
For versions 2.9.x before 2.9.3, update to version 2.9.3 or later.
Correção
CSRF
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Moodle