Description

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

Remediation

References

CVE-2017-7491

Related Vulnerabilities

WordPress Plugin Network Publisher 'networkpub_key' Parameter Cross-Site Scripting (5.0.1)

WordPress Plugin Product Catalog Multiple SQL Injection Vulnerabilities (2.1)

WordPress Plugin miniOrange's Google Authenticator-WordPress Two Factor Authentication (2FA, MFA, OTP SMS and Email)-Passwordless login Cross-Site Scripting (5.4.39)

Zope Web Application Server Other Vulnerability (CVE-2010-3198)

WordPress Plugin Twenty20 Image Before-After Malicious Code (1.6.3)

Severity

Medium

Classification

CVE-2017-7491 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities