Moodle Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-5338 - Vulnerability Database

Moodle Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2015-5338

High

Reference: CVE-2015-5338

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-5338

Title: Moodle Cross-Site Request Forgery (CSRF) Vulnerability

Overview:

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11 2.7.x before 2.7.11 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.