Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-3734)

Description

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.

Remediation

References

Related Vulnerabilities

WordPress Plugin One Click SSL Cross-Site Request Forgery (1.4.6)

WordPress Plugin YITH WooCommerce Added to Cart Popup Security Bypass (1.3.11)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (2.1.3)

Oracle JRE CVE-2017-10309 Vulnerability (CVE-2017-10309)

WordPress Plugin Redirection PHP Object Injection (2.7.3)

Severity

High

Classification

CVE-2016-3734 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities