Description

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.

Remediation

References

CVE-2016-2157

Related Vulnerabilities

WordPress Plugin Theme Blvd Widget Areas Multiple Security Bypass Vulnerabilities (1.2.2)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23302)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.9.4)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9577)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-14998)

Severity

High

Classification

CVE-2016-2157 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities