CVE-2015-0213
Moodle < 2.5.9 and 2.6.x < 2.6.7 - Cross-Site Request Forgery in Glossary Module
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2015/01/19/1
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=278613
Scores
EPSS
0.0013
EPSS Percentile
31.3%
Details
CWE
CWE-352
Status
published
Products (23)
moodle/moodle
2.5.0
moodle/moodle
2.5.1
moodle/moodle
2.5.2
moodle/moodle
2.5.3
moodle/moodle
2.5.4
moodle/moodle
2.5.5
moodle/moodle
2.5.6
moodle/moodle
2.5.7
moodle/moodle
2.5.8
moodle/moodle
2.6.0
... and 13 more
Published
Jun 01, 2015
Tracked Since
Feb 18, 2026