Description
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10097)
WebLogic CVE-2021-2394 Vulnerability (CVE-2021-2394)
WordPress Plugin RSS Feed Reader 'rss_url' Parameter Cross-Site Scripting (0.1)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16738)
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10)