Description

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

Remediation

References

CVE-2015-5335

Related Vulnerabilities

MySQL CVE-2020-14861 Vulnerability (CVE-2020-14861)

WebLogic CVE-2019-2615 Vulnerability (CVE-2019-2615)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.23)

WordPress Plugin PDF & Print Button Joliprint Multiple Cross-Site Scripting Vulnerabilities (1.3.0)

WordPress Plugin Relevanssi-A Better Search 'Seach Query' Field HTML Injection (2.7.2)

Severity

Medium

Classification

CVE-2015-5335 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities