Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-24T11:00:00

Updated: 2024-08-06T13:03:27.320Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7838

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2014-11-24T11:59:08.917

Modified: 2020-12-01T14:54:45.183

Link: CVE-2014-7838

cve-icon Redhat

No data.