Description

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

Remediation

References

CVE-2015-0218

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-0107)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5056)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-11328)

Apache HTTP Server Numeric Errors Vulnerability (CVE-2003-1580)

WordPress 3.7.x Denial of Service Vulnerability (3.7 - 3.7.25)

Severity

Medium

Classification

CVE-2015-0218 CWE-352

Tags

Missing Update Known Vulnerabilities