Description

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

Remediation

References

CVE-2015-5335

Related Vulnerabilities

Oracle JRE CVE-2012-1533 Vulnerability (CVE-2012-1533)

Internet Information Services Other Vulnerability (CVE-1999-0154)

WordPress Plugin Ad Blocker Notify Lite Cross-Site Scripting (2.4.0)

Ruby 7PK - Security Features Vulnerability (CVE-2015-3900)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-9548)

Severity

Medium

Classification

CVE-2015-5335 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities