CVE-2009-4297
Moodle 1.8-1.8.10 and 1.9-1.9.6 - Cross-Site Request Forgery
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References (9)
Core 9
Core References
Patch x_refsource_confirm
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
Patch x_refsource_confirm
http://docs.moodle.org/en/Moodle_1.8.11_release_notes
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3455
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37614
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
Patch, Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=139100
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37244
Scores
EPSS
0.0040
EPSS Percentile
61.1%
Details
CWE
CWE-352
Status
published
Products (15)
moodle/moodle
1.8.1
moodle/moodle
1.8.2
moodle/moodle
1.8.3
moodle/moodle
1.8.4
moodle/moodle
1.8.5
moodle/moodle
1.8.7
moodle/moodle
1.8.8
moodle/moodle
1.8.9
moodle/moodle
1.8.10
moodle/moodle
1.9.1
... and 5 more
Published
Dec 16, 2009
Tracked Since
Feb 18, 2026