CVE-2016-3734

Published: Apr 20, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.

Affected (44)

Products: Moodle: Moodle

Moodle

1 product

Moodle

Configuration A

44 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Version 2.7.0
Moodle Moodle	Version 2.7.0 beta
Moodle Moodle	Version 2.7.0 rc1
Moodle Moodle	Version 2.7.0 rc2
Moodle Moodle	Version 2.7.10
Moodle Moodle	Version 2.7.11
Moodle Moodle	Version 2.7.12
Moodle Moodle	Version 2.7.13
Moodle Moodle	Version 2.7.1
Moodle Moodle	Version 2.7.2
Moodle Moodle	Version 2.7.3
Moodle Moodle	Version 2.7.4
Moodle Moodle	Version 2.7.5
Moodle Moodle	Version 2.7.6
Moodle Moodle	Version 2.7.7
Moodle Moodle	Version 2.7.8
Moodle Moodle	Version 2.7.9
Moodle Moodle	Version 2.8.0
Moodle Moodle	Version 2.8.10
Moodle Moodle	Version 2.8.11
Moodle Moodle	Version 2.8.1
Moodle Moodle	Version 2.8.2
Moodle Moodle	Version 2.8.3
Moodle Moodle	Version 2.8.4
Moodle Moodle	Version 2.8.5
Moodle Moodle	Version 2.8.6
Moodle Moodle	Version 2.8.7
Moodle Moodle	Version 2.8.8
Moodle Moodle	Version 2.8.9
Moodle Moodle	Version 2.9.0
Moodle Moodle	Version 2.9.1
Moodle Moodle	Version 2.9.2
Moodle Moodle	Version 2.9.3
Moodle Moodle	Version 2.9.4
Moodle Moodle	Version 2.9.5
Moodle Moodle	Version 3.0.0
Moodle Moodle	Version 3.0.0 beta
Moodle Moodle	Version 3.0.0 rc1
Moodle Moodle	Version 3.0.0 rc2
Moodle Moodle	Version 3.0.0 rc3
Moodle Moodle	Version 3.0.0 rc4
Moodle Moodle	Version 3.0.1
Moodle Moodle	Version 3.0.2
Moodle Moodle	Version 3.0.3