Description

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

Remediation

References

CVE-2015-5335

Related Vulnerabilities

WordPress Plugin Twitch Player Cross-Site Scripting (2.1.0)

WordPress Plugin MW WP Form Directory Traversal (4.4.2)

Python Uncontrolled Resource Consumption Vulnerability (CVE-2021-3737)

Moodle CVE-2024-25981 Vulnerability (CVE-2024-25981)

WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar Cross-Site Scripting (3.0.1)

Severity

Medium

Classification

CVE-2015-5335 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities