Description

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

Remediation

References

CVE-2014-0010

Related Vulnerabilities

WordPress Plugin Analytics Stats Counter Statistics PHP Object Injection (1.2.2.5)

SharePoint CVE-2020-17089 Vulnerability (CVE-2020-17089)

WordPress Plugin GeoDirectory Location Manager Multiple SQL Injection Vulnerabilities (2.1.0.9)

Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-12028)

Apache HTTP Server CVE-2024-40725 Vulnerability (CVE-2024-40725)

Severity

Medium

Classification

CVE-2014-0010 CWE-352

Tags

Missing Update Known Vulnerabilities