Description

Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.

Remediation

References

CVE-2008-3262

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000170)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-25700)

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)

WordPress Plugin User Photo 'user-photo.php' Arbitrary File Upload (0.9.4)

WordPress Plugin WP Activity Log Information Disclosure (3.1.1)

Severity

Medium

Classification

CVE-2008-3262 CWE-352

Tags

Missing Update Known Vulnerabilities