CVE-2012-6103
Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, 2.4.x before 2.4.1 - Cross-Site Request Forgery in Messaging System
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.
References (3)
Core References
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=220164
Mailing List x_refsource_mlist
http://openwall.com/lists/oss-security/2013/01/21/1
Scores
EPSS: 0.0013
EPSS Percentile: 31.3%
Details
CWE: CWE-352
Status: published
Products (12)
moodle/moodle 2.2.0
moodle/moodle 2.2.1
moodle/moodle 2.2.2
moodle/moodle 2.2.3
moodle/moodle 2.2.4
moodle/moodle 2.2.5
moodle/moodle 2.2.6
moodle/moodle 2.3.0
moodle/moodle 2.3.1
moodle/moodle 2.3.2
... and 2 more
Published: Jan 27, 2013
Tracked Since: Feb 18, 2026