CVE-2015-5335

MEDIUM

Moodle <2.6.11-2.9.3 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

References (2)

Scores

CVSS v3 4.3
EPSS 0.0007
EPSS Percentile 20.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE
CWE-352 CWE-200
Status draft

Affected Products (25)

moodle/moodle < 2.6.11
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
... and 10 more

Timeline

Published Feb 22, 2016
Tracked Since Feb 18, 2026