  1. Moodle
  2. MDL-24561

Forum subscribe.php does not check sesskey()

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.9.9, 2.0
    • 1.9.11, 2.0.2
    • Forum
    • None
    • MOODLE_19_STABLE, MOODLE_20_STABLE
    • MOODLE_19_STABLE, MOODLE_20_STABLE

    Description

      /mod/forum/subscribe.php does not seem to check sesskey(). Therefore, nasty users could use it for a CSRF attack and easily get other users subscribed to many other forums, for example (spam risk).
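
      The check the report says is missing, sketched as an added example (not Moodle's code and not the fix that was committed): a state-changing subscribe handler that acts only when the request carries the session's own key. The function names, the user id and the forum id are constructed for illustration.

```php
<?php
// Added illustration, not Moodle code: all function names here are hypothetical.

// Issue a per-session key once and keep it server-side in the session.
function issue_session_key(array &$session): string {
    if (!isset($session['sesskey'])) {
        $session['sesskey'] = bin2hex(random_bytes(16));
    }
    return $session['sesskey'];
}

// Constant-time comparison of the key supplied with the request.
function session_key_matches(array $session, array $params): bool {
    $supplied = $params['sesskey'] ?? '';
    return isset($session['sesskey'])
        && is_string($supplied)
        && hash_equals($session['sesskey'], $supplied);
}

// State-changing handler: refuses to subscribe unless the request carries the key.
function handle_subscribe(array &$session, array $params, array &$subscriptions): string {
    if (!session_key_matches($session, $params)) {
        return 'rejected: missing or invalid sesskey';
    }
    $forumid = (int)($params['id'] ?? 0);
    if ($forumid <= 0) {
        return 'rejected: invalid forum id';
    }
    $subscriptions[$session['userid']][$forumid] = true;
    return "subscribed to forum $forumid";
}

// Constructed sample data: one logged-in user and two incoming requests.
$session = ['userid' => 42];
$subscriptions = [];
$key = issue_session_key($session);

// Request triggered from a third-party page: the browser attaches the session
// cookie, but the other site cannot read the key, so none is included.
echo handle_subscribe($session, ['id' => '7'], $subscriptions), PHP_EOL;

// Request from a link the application rendered itself, key included.
echo handle_subscribe($session, ['id' => '7', 'sesskey' => $key], $subscriptions), PHP_EOL;

// Number of subscriptions recorded for the user after both requests.
echo count($subscriptions[42] ?? []), PHP_EOL;
```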

            People

              mudrd8mz David Mudrák (@mudrd8mz)
              mudrd8mz David Mudrák (@mudrd8mz)
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes: 0
              Watchers: 4

              Dates

                Created:
                Updated:
                Resolved:
                21/Feb/11