Description

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

Remediation

References

CVE-2014-0010

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9019)

Oracle Application Server CVE-2008-2583 Vulnerability (CVE-2008-2583)

Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2021-24122)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5271)

Nginx Insufficient Session Expiration Vulnerability (CVE-2014-3616)

Severity

Medium

Classification

CVE-2014-0010 CWE-352

Tags

Missing Update Known Vulnerabilities