Description

Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.

Remediation

References

CVE-2012-6103

Related Vulnerabilities

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24407)

WordPress Plugin WP Planet Cross-Site Scripting (0.1)

Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4667)

Ruby Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-8780)

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'track' Parameter SQL Injection (3.6.5)

Severity

Medium

Classification

CVE-2012-6103 CWE-352

Tags

Missing Update Known Vulnerabilities