Description

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

Remediation

References

CVE-2017-7491

Related Vulnerabilities

MySQL CVE-2013-3807 Vulnerability (CVE-2013-3807)

WordPress Plugin DandyID Services Cross-Site Request Forgery (1.5.9)

WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.1.9)

Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-3368)

Nginx Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)

Severity

Medium

Classification

CVE-2017-7491 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities