CVE-2014-0010
Moodle < 2.2.11, 2.3.x < 2.3.11, 2.4.x < 2.4.8, 2.5.x < 2.5.4, 2.6.x < 2.6.1 - Cross-Site Request Forgery
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.
References (7)
Core References
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2014/01/20/1
Patch, Vendor Advisory (x_refsource_confirm): https://moodle.org/mod/forum/discuss.php?d=252416
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/102261
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1029649
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
Scores
EPSS: 0.0029
EPSS Percentile: 52.9%
Details
CWE: CWE-352
Status: published
Products (50)
fedoraproject/fedora 19
fedoraproject/fedora 20
moodle/moodle 2.4.0
moodle/moodle 2.4.1
moodle/moodle 2.4.2
moodle/moodle 2.4.3
moodle/moodle 2.4.4
moodle/moodle 2.4.5
moodle/moodle 2.4.6
moodle/moodle 2.4.7
... and 40 more
Published: Jan 20, 2014
Tracked Since: Feb 18, 2026