Description
Moodle cross-site request forgery (CSRF) vulnerability
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-5335
- https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea
- https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94
- https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443
- https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686
- https://moodle.org/mod/forum/discuss.php?d=323230
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
Packages
- moodle/moodle: affected < 2.7.11; fixed in 2.7.11
- moodle/moodle: affected >= 2.8.0, < 2.8.9; fixed in 2.8.9
- moodle/moodle: affected >= 2.9.0, < 2.9.3; fixed in 2.9.3
Related vulnerabilities
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.
Cross-site request forgery (CSRF) vulnerability in admin/registration/ ...
A vulnerability in the Moodle learning management system that allows an attacker to impersonate a user during a session