Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.

Remediation

References

CVE-2015-5338

Related Vulnerabilities

MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41362)

WordPress Plugin The Events Calendar Open Redirect (4.1.1)

Oracle Database Server CVE-2020-2969 Vulnerability (CVE-2020-2969)

WordPress Plugin WP Learn Manager Cross-Site Scripting (1.1.2)

Oracle JRE CVE-2013-2469 Vulnerability (CVE-2013-2469)

Severity

High

Classification

CVE-2015-5338 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities