Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.