Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.

Remediation

References

CVE-2014-7838

Related Vulnerabilities

e107 Other Vulnerability (CVE-2004-2262)

MySQL CVE-2017-3320 Vulnerability (CVE-2017-3320)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20140)

Apache HTTP Server Numeric Errors Vulnerability (CVE-2010-0010)

WordPress Plugin Easy Social Icons Multiple Vulnerabilities (1.2.2)

Severity

Medium

Classification

CVE-2014-7838 CWE-352

Tags

Missing Update Known Vulnerabilities