Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Helios Solutions Brand Logo Slider Arbitrary File Upload (2.1)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6332)
PHP Other Vulnerability (CVE-2007-4659)
WordPress Cross-Site Scripting Vulnerability (0.70 - 3.7.11)
WordPress Plugin Backup Migration Cross-Site Request Forgery (1.2.9)