Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2015-5335

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

  • Published: Feb 22, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-5335
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
moodle / moodle 2.7.1 2.7.1.x
moodle / moodle 2.8.3 2.8.3.x
moodle / moodle 2.8.7 2.8.7.x
moodle / moodle 2.7.6 2.7.6.x
moodle / moodle 2.7.2 2.7.2.x
moodle / moodle 2.7.4 2.7.4.x
moodle / moodle 2.7.9 2.7.9.x
moodle / moodle 2.8.4 2.8.4.x
moodle / moodle 2.8.6 2.8.6.x
moodle / moodle - 2.6.11.x
moodle / moodle 2.7.10 2.7.10.x
moodle / moodle 2.7.5 2.7.5.x
moodle / moodle 2.7.3 2.7.3.x
moodle / moodle 2.8.8 2.8.8.x
moodle / moodle 2.7.0 2.7.0.x
moodle / moodle 2.9.1 2.9.1.x
moodle / moodle 2.8.1 2.8.1.x
moodle / moodle 2.8.5 2.8.5.x
moodle / moodle 2.9.2 2.9.2.x
moodle / moodle 2.7.8 2.7.8.x
moodle / moodle 2.8.2 2.8.2.x
moodle / moodle 2.7.7 2.7.7.x
moodle / moodle 2.8.0 2.8.0.x
moodle / moodle 2.9.0 2.9.0.x