Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-24T11:00:00

Updated: 2024-08-06T13:03:27.320Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7838

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-11-24T11:59:08.917

Modified: 2024-11-21T02:18:06.787

Link: CVE-2014-7838

cve-icon Redhat

No data.