Description

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

Remediation

References

CVE-2015-5335

Related Vulnerabilities

WordPress Plugin Members Import Cross-Site Request Forgery (1.3)

WordPress Plugin Pinterest Automatic Pin Security Bypass (4.14.3)

WordPress Plugin Mail logging-WP Mail Catcher Cross-Site Scripting (2.1.2)

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-0130)

Envoy Proxy Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-39162)

Severity

Medium

Classification

CVE-2015-5335 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities