Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.

Remediation

References

CVE-2015-5338

Related Vulnerabilities

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.7)

WordPress Plugin Integration for Contact Form 7 and Infusionsoft Cross-Site Scripting (1.1.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23174)

Microsoft IIS5 NTLM and Basic authentication bypass

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3796)

Severity

High

Classification

CVE-2015-5338 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities