Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.
CVSS Score
6.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 1.7.1 |
References
- http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://moodle.org/security/
- http://secunia.com/advisories/34418
- http://www.openwall.com/lists/oss-security/2009/02/04/1
FAQ
What is CVE-2009-0499?
CVE-2009-0499 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a li...
How severe is CVE-2009-0499?
CVE-2009-0499 has been rated MEDIUM, with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0499?
Check the references section above for vendor advisories and patch information. Affected products include Moodle (vendor: Moodle).