Cross-Site Request Forgery (CSRF) Vulnerabilities in Moodle Lesson Module

Cross-Site Request Forgery (CSRF) Vulnerabilities in Moodle Lesson Module

CVE-2015-5338 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.

Learn more about our User Device Pen Test.