Published: 10/02/2009 Updated: 01/12/2020

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 prior to 1.7.7, 1.8 prior to 1.8.8, and 1.9 prior to 1.9.4 allows remote malicious users to delete unauthorized forum posts via a link or IMG tag to post.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moodle moodle 1.7.5
moodle moodle 1.7.6
moodle moodle 1.8.5
moodle moodle 1.9.2
moodle moodle 1.9.1
moodle moodle 1.7.3
moodle moodle 1.7.4
moodle moodle 1.8.4
moodle moodle 1.8.6
moodle moodle 1.7.1
moodle moodle 1.7.2
moodle moodle 1.8.2
moodle moodle 1.8.3
moodle moodle 1.9.3
moodle moodle 1.8.1
moodle moodle 1.8.7

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user (CVE-2007-3215) ...

CWE-352 http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15 http://moodle.org/security/http://www.openwall.com/lists/oss-security/2009/02/04/1 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://secunia.com/advisories/34418 https://usn.ubuntu.com/791-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0499

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect