Description

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

Remediation

References

CVE-2008-3325

Related Vulnerabilities

Ruby Numeric Errors Vulnerability (CVE-2008-2662)

WordPress Plugin cformsII Arbitrary File Upload (14.7)

WordPress Plugin Image Gallery with Slideshow Multiple Vulnerabilities (1.5.2)

WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)

Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-14322)

Severity

Medium

Classification

CVE-2008-3325 CWE-352

Tags

Missing Update Known Vulnerabilities