  1. Moodle
  2. MDL-24561

Forum subscribe.php does not check sesskey()

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.9, 2.0
    • Fix Version/s: 1.9.11, 2.0.2
    • Component/s: Forum
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      /mod/forum/subscribe.php does not seem to check sesskey(). Therefore, nasty users could use it for a CSRF attack and easily make other users subscribe to many other forums, for example (spam risk).
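
      The missing check described above, as an added example (not Moodle's code and not the fix applied for this issue): a state-changing handler without and with a session-token check. It is self-contained PHP; the function names, the `$session` and `$request` arrays and the sample values are constructed for illustration, and the request parameter is named `sesskey` only to match the function the report mentions.

```php
<?php
// Added illustration, not Moodle code; every name below is hypothetical.

// Per-session secret that the site embeds in each state-changing link or form.
function issue_token(array &$session): string {
    if (empty($session['token'])) {
        $session['token'] = bin2hex(random_bytes(16));
    }
    return $session['token'];
}

// Constant-time comparison of the submitted token with the session's copy.
function token_is_valid(array $session, array $request): bool {
    $sent = $request['sesskey'] ?? '';
    return is_string($sent) && !empty($session['token'])
        && hash_equals($session['token'], $sent);
}

// Before: the session cookie alone authorises the change, so a request the
// browser sends on behalf of another site still flips the subscription.
function toggle_unchecked(array &$subs, array $session, array $request): bool {
    $user  = $session['userid'];
    $forum = (int)($request['id'] ?? 0);
    $subs[$user][$forum] = empty($subs[$user][$forum]);
    return true;
}

// After: refuse the change unless the request carries the session's token.
function toggle_checked(array &$subs, array $session, array $request): bool {
    if (!token_is_valid($session, $request)) {
        return false; // show an error or a confirmation page instead
    }
    return toggle_unchecked($subs, $session, $request);
}

// Constructed sample data: one session, a request without the token and
// a request generated by the site itself.
$session = ['userid' => 42];
$token   = issue_token($session);
$foreign = ['id' => 7];
$genuine = ['id' => 7, 'sesskey' => $token];

$subs = [];
printf("unchecked, no token: %s\n", var_export(toggle_unchecked($subs, $session, $foreign), true));
$subs = [];
printf("checked, no token:   %s\n", var_export(toggle_checked($subs, $session, $foreign), true));
printf("checked, with token: %s\n", var_export(toggle_checked($subs, $session, $genuine), true));
printf("subscriptions:       %s\n", json_encode($subs));
```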


                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    21/Feb/11