CVE-2009-4297

General

Score: 6.8/10.0
Severity: Medium
Category: Bounce Attack
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Published on 16/12/09 - Updated on 16/12/09

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Category: Bounce Attack

CWE-352 (Cross-Site Request Forgery (CSRF))
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Security Notices

US National Vulnerability Database: CVE-2009-4297

Exploits

SecurityFocus: BID-37244

Related technologies

Vendor: moodle
Product: moodle
