Description

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

Remediation

References

CVE-2015-0218

Related Vulnerabilities

Squid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13345)

WordPress Plugin Advanced Woo Search Cross-Site Scripting (2.77)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1130)

WordPress Plugin Apocalypse Meow Security Bypass (21.2.7)

WordPress Plugin Ultimate Reviews PHP Object Injection (2.1.32)

Severity

Medium

Classification

CVE-2015-0218 CWE-352

Tags

Missing Update Known Vulnerabilities