Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0499

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2009-0499
Last Modified 01 Apr 2009 01:42:34
Published 09 Feb 2009 09:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0499

Summary

Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.

Vulnerable Systems

Application

  • Moodle 1.7

  • Moodle 1.7.1

  • Moodle 1.7.2

  • Moodle 1.7.3

  • Moodle 1.7.4

  • Moodle 1.7.5

  • Moodle 1.7.6

  • Moodle 1.8

  • Moodle 1.8.1

  • Moodle 1.8.2

  • Moodle 1.8.3

  • Moodle 1.8.4

  • Moodle 1.8.5

  • Moodle 1.8.6

  • Moodle 1.8.7

  • Moodle 1.9

  • Moodle 1.9.1

  • Moodle 1.9.2

  • Moodle 1.9.3


References

MLIST - [oss-security] 20090204 CVS request - Moodle

SECUNIA - 34418

CONFIRM - http://moodle.org/security/

SUSE - SUSE-SR:2009:007

CONFIRM - http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15


Last Updated: 27 May 2016 10:50:16