Description

Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.

Remediation

References

CVE-2012-6103

Related Vulnerabilities

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Multiple Vulnerabilities (4.1.5.2)

WordPress Plugin WP Simple Booking Calendar SQL Injection (2.0.6)

OpenSSL Other Vulnerability (CVE-2004-0975)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23214)

MySQL CVE-2021-35610 Vulnerability (CVE-2021-35610)

Severity

Medium

Classification

CVE-2012-6103 CWE-352

Tags

Missing Update Known Vulnerabilities