CVE-2008-3325

CVSS V2 Medium 6 CVSS V3 None

Description

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

Overview

CVE ID
CVE-2008-3325

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2008-07-25T16:41:00

Last Modified Date
2018-11-01T15:10:21

Weakness Enumerations

CWE	URL
CWE-352	http://cwe.mitre.org/data/definitions/352.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:moodle:moodle::::::::	1	OR	1.6	1.6.7
cpe:2.3:a:moodle:moodle::::::::	1	OR	1.7	1.7.5
cpe:2.3:o:debian:debian_linux:4.0:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
SINGLE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
6

Severity
MEDIUM

Exploitability Score
6.8

Impact Score
6.4

References

Reference URL	Reference Tags
http://www.procheckup.com/Vulnerability_PR08-16.php	Broken Link
http://moodle.org/mod/forum/discuss.php?d=101405	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html	Third Party Advisory
http://secunia.com/advisories/31339	Third Party Advisory
http://secunia.com/advisories/31196	Third Party Advisory
http://www.debian.org/security/2008/dsa-1691	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43964	VDB Entry
http://www.securityfocus.com/archive/1/494658/100/0/threaded	Third Party Advisory VDB Entry

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2008-3325
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3325

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 17:54:17				Added to TrackCVE