Topic: | CSRF vulnerability in forum code |
Severity: | Major |
Versions affected: | < 1.9.4, < 1.8.8, < 1.7.7 |
Reported by: | Kevin Madura |
Issue no.: | MDL-17799, CVE-2009-0499 |
Solution: | update to the latest releases or weeklies, or apply these changes: http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15, http://cvs.moodle.org/moodle/mod/forum/prune.html?r1=1.8&r2=1.8.4.1, http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.15&r2=1.154.2.16 |
Description:
Kevin Madura reported a CSRF problem that can be abused for unauthorised deletion of forum posts.