Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Insert or Embed Articulate Content into WordPress Security Bypass (4.2996)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4041)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-5267)
WordPress Plugin Page Restrict Cross-Site Scripting (2.2.1)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9041)