CVE-2016-3734

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.

Published: Apr 20, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-3734
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
moodle / moodle	2.7.1	2.7.1.x
moodle / moodle	2.7.0-rc2	2.7.0-rc2.x
moodle / moodle	2.8.3	2.8.3.x
moodle / moodle	2.8.7	2.8.7.x
moodle / moodle	2.7.6	2.7.6.x
moodle / moodle	2.7.11	2.7.11.x
moodle / moodle	2.7.2	2.7.2.x
moodle / moodle	2.7.4	2.7.4.x
moodle / moodle	2.9.4	2.9.4.x
moodle / moodle	2.8.9	2.8.9.x
moodle / moodle	2.7.9	2.7.9.x
moodle / moodle	2.8.10	2.8.10.x
moodle / moodle	2.8.4	2.8.4.x
moodle / moodle	2.8.6	2.8.6.x
moodle / moodle	3.0.2	3.0.2.x
moodle / moodle	2.7.12	2.7.12.x
moodle / moodle	3.0.0-beta	3.0.0-beta.x
moodle / moodle	3.0.0-rc3	3.0.0-rc3.x
moodle / moodle	3.0.0-rc4	3.0.0-rc4.x
moodle / moodle	2.7.0-beta	2.7.0-beta.x
moodle / moodle	2.7.10	2.7.10.x
moodle / moodle	2.7.5	2.7.5.x
moodle / moodle	3.0.1	3.0.1.x
moodle / moodle	2.7.3	2.7.3.x
moodle / moodle	2.8.8	2.8.8.x
moodle / moodle	2.7.0	2.7.0.x
moodle / moodle	3.0.0-rc1	3.0.0-rc1.x
moodle / moodle	3.0.0	3.0.0.x
moodle / moodle	2.9.1	2.9.1.x
moodle / moodle	2.8.1	2.8.1.x
moodle / moodle	2.9.5	2.9.5.x
moodle / moodle	2.7.0-rc1	2.7.0-rc1.x
moodle / moodle	3.0.0-rc2	3.0.0-rc2.x
moodle / moodle	2.8.11	2.8.11.x
moodle / moodle	2.8.5	2.8.5.x
moodle / moodle	2.7.13	2.7.13.x
moodle / moodle	3.0.3	3.0.3.x
moodle / moodle	2.9.2	2.9.2.x
moodle / moodle	2.7.8	2.7.8.x
moodle / moodle	2.9.3	2.9.3.x
moodle / moodle	2.8.2	2.8.2.x
moodle / moodle	2.7.7	2.7.7.x
moodle / moodle	2.8.0	2.8.0.x
moodle / moodle	2.9.0	2.9.0.x

Vulnerability Database

290,206

CVE-2016-3734