CVE-2016-2157: CSRF

First published: Sun May 22 2016(Updated: )

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Moodle Moodle	<=2.6.11
Moodle Moodle	=2.7.0
Moodle Moodle	=2.7.1
Moodle Moodle	=2.7.2
Moodle Moodle	=2.7.3
Moodle Moodle	=2.7.4
Moodle Moodle	=2.7.5
Moodle Moodle	=2.7.6
Moodle Moodle	=2.7.7
Moodle Moodle	=2.7.8
Moodle Moodle	=2.7.9
Moodle Moodle	=2.7.10
Moodle Moodle	=2.7.11
Moodle Moodle	=2.7.12
Moodle Moodle	=2.8.0
Moodle Moodle	=2.8.1
Moodle Moodle	=2.8.2
Moodle Moodle	=2.8.3
Moodle Moodle	=2.8.4
Moodle Moodle	=2.8.5
Moodle Moodle	=2.8.6
Moodle Moodle	=2.8.7
Moodle Moodle	=2.8.8
Moodle Moodle	=2.8.9
Moodle Moodle	=2.8.10
Moodle Moodle	=2.9.0
Moodle Moodle	=2.9.1
Moodle Moodle	=2.9.2
Moodle Moodle	=2.9.3
Moodle Moodle	=2.9.4
Moodle Moodle	=3.0.0
Moodle Moodle	=3.0.1
Moodle Moodle	=3.0.2
composer/moodle/moodle	>=3.0.0<3.0.3	3.0.3
composer/moodle/moodle	>=2.9.0<2.9.5	2.9.5
composer/moodle/moodle	>=2.8.0<2.8.11	2.8.11
composer/moodle/moodle	<2.7.13	2.7.13
	<=2.6.11
	=2.7.0
	=2.7.1
	=2.7.2
	=2.7.3
	=2.7.4
	=2.7.5
	=2.7.6
	=2.7.7
	=2.7.8
	=2.7.9
	=2.7.10
	=2.7.11
	=2.7.12
	=2.8.0
	=2.8.1
	=2.8.2
	=2.8.3
	=2.8.4
	=2.8.5
	=2.8.6
	=2.8.7
	=2.8.8
	=2.8.9
	=2.8.10
	=2.9.0
	=2.9.1
	=2.9.2
	=2.9.3
	=2.9.4
	=3.0.0
	=3.0.1
	=3.0.2

CVE-2016-2157: CSRF

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact