Details
Description
/mod/forum/subscribe.php does not seem to check sesskey(). Therefore, nasty users could use it for CSRF attack and let easily other user to subscribe to many other forums, for example (spam risk).
Attachments
Issue Links
- caused a regression
-
MDL-33194 Can't subscribe other user to forum
-
- Closed
-