PT-2016-1301 · Moodle · Moodle
Andrew Davis
·
Published
2015-12-05
·
Updated
2022-05-13
·
CVE-2015-5335
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 2.6.11
Moodle versions 2.7.x before 2.7.11
Moodle versions 2.8.x before 2.8.9
Moodle versions 2.9.x before 2.9.3
Description
A cross-site request forgery (CSRF) issue affects the admin/registration/register.php file, allowing remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL. This can enable an attacker to impersonate a user during a session by sending a request with statistics to any URL.
Recommendations
For versions prior to 2.6.11, update to version 2.6.11 or later.
For versions 2.7.x before 2.7.11, update to version 2.7.11 or later.
For versions 2.8.x before 2.8.9, update to version 2.8.9 or later.
For versions 2.9.x before 2.9.3, update to version 2.9.3 or later.
Fix
CSRF
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Moodle