Description

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

Remediation

References

CVE-2017-7491

Related Vulnerabilities

WordPress Plugin Google XML Sitemap for Videos Cross-Site Request Forgery (2.6.1)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1454)

WordPress Plugin Link Library Cross-Site Scripting (5.9.12.29)

XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0612)

WordPress Plugin Limit Attempts by BestWebSoft Multiple Vulnerabilities (1.0.3)

Severity

Medium

Classification

CVE-2017-7491 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities