Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-24561

Forum subscribe.php does not check sesskey()

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.9, 2.0
    • Fix Version/s: 1.9.11, 2.0.2
    • Component/s: Forum
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      /mod/forum/subscribe.php does not seem to check sesskey(). Therefore, nasty users could use it for CSRF attack and let easily other user to subscribe to many other forums, for example (spam risk).

        Attachments

          Issue Links

          caused a regression

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-33194 Can't subscribe other user to forum

          • Minor - Minor loss of function where workaround is possible
          • Closed

            Activity

              People

              Assignee:
              mudrd8mz David Mudrák (@mudrd8mz)
              Reporter:
              mudrd8mz David Mudrák (@mudrd8mz)
              Participants:
              Component watchers:
              Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                21/Feb/11