CVE-2009-0499

Moodle 1.7-1.7.7, 1.8-1.8.8, 1.9-1.9.4 - Cross-Site Request Forgery via Forum Post Deletion

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.

References (5)

Core 5
Core References
Various Sources x_refsource_confirm
http://moodle.org/security/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34418
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/02/04/1

Scores

EPSS 0.0029
EPSS Percentile 52.1%

Details

CWE
CWE-352
Status published
Products (16)
moodle/moodle 1.7.1
moodle/moodle 1.7.2
moodle/moodle 1.7.3
moodle/moodle 1.7.4
moodle/moodle 1.7.5
moodle/moodle 1.7.6
moodle/moodle 1.8.1
moodle/moodle 1.8.2
moodle/moodle 1.8.3
moodle/moodle 1.8.4
... and 6 more
Published Feb 10, 2009
Tracked Since Feb 18, 2026