Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2008-3325
Last Modified: 17 Feb 2009 01:49:01
Published: 25 Jul 2008 12:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2008-3325

Summary

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

Vulnerable Systems

Application

  • Moodle 1.6

  • Moodle 1.6.1

  • Moodle 1.6.2

  • Moodle 1.6.3

  • Moodle 1.6.4

  • Moodle 1.6.5

  • Moodle 1.6.6

  • Moodle 1.7

  • Moodle 1.7.1

  • Moodle 1.7.2

  • Moodle 1.7.3

  • Moodle 1.7.4


References

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=101405

XF - moodle-editprofile-csrf(43964)

BUGTRAQ - 20080722 PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page

MISC - http://www.procheckup.com/Vulnerability_PR08-16.php

DEBIAN - DSA-1691

SECUNIA - 31339

SECUNIA - 31196

SUSE - SUSE-SR:2008:016


Last Updated: 27 May 2016 10:48:09