CVE-2017-7491

Published: May 15, 2017Modified: May 13, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

Affected (53)

Products: Moodle: Moodle

Moodle

1 product

Moodle

Configuration A

53 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Version 2.7.0
Moodle Moodle	Version 2.7.0 beta
Moodle Moodle	Version 2.7.0 rc1
Moodle Moodle	Version 2.7.0 rc2
Moodle Moodle	Version 2.7.10
Moodle Moodle	Version 2.7.11
Moodle Moodle	Version 2.7.12
Moodle Moodle	Version 2.7.13
Moodle Moodle	Version 2.7.14
Moodle Moodle	Version 2.7.15
Moodle Moodle	Version 2.7.16
Moodle Moodle	Version 2.7.17
Moodle Moodle	Version 2.7.18
Moodle Moodle	Version 2.7.1
Moodle Moodle	Version 2.7.2
Moodle Moodle	Version 2.7.3
Moodle Moodle	Version 2.7.4
Moodle Moodle	Version 2.7.5
Moodle Moodle	Version 2.7.6
Moodle Moodle	Version 2.7.7
Moodle Moodle	Version 2.7.8
Moodle Moodle	Version 2.7.9
Moodle Moodle	Version 3.0.0
Moodle Moodle	Version 3.0.0 beta
Moodle Moodle	Version 3.0.0 rc1
Moodle Moodle	Version 3.0.0 rc2
Moodle Moodle	Version 3.0.0 rc3
Moodle Moodle	Version 3.0.0 rc4
Moodle Moodle	Version 3.0.1
Moodle Moodle	Version 3.0.2
Moodle Moodle	Version 3.0.3
Moodle Moodle	Version 3.0.4
Moodle Moodle	Version 3.0.5
Moodle Moodle	Version 3.0.6
Moodle Moodle	Version 3.0.7
Moodle Moodle	Version 3.0.8
Moodle Moodle	Version 3.1.0
Moodle Moodle	Version 3.1.0 beta
Moodle Moodle	Version 3.1.0 rc1
Moodle Moodle	Version 3.1.0 rc2
Moodle Moodle	Version 3.1.1
Moodle Moodle	Version 3.1.2
Moodle Moodle	Version 3.1.3
Moodle Moodle	Version 3.1.4
Moodle Moodle	Version 3.2.0
Moodle Moodle	Version 3.2.0 beta
Moodle Moodle	Version 3.2.0 rc1
Moodle Moodle	Version 3.2.0 rc2
Moodle Moodle	Version 3.2.0 rc3
Moodle Moodle	Version 3.2.0 rc4
Moodle Moodle	Version 3.2.0 rc5
Moodle Moodle	Version 3.2.1
Moodle Moodle	Version 3.2.2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://moodle.org/mod/forum/discuss.php?d=352355

Source: secalert@redhat.com

PatchVendor Advisory

https://moodle.org/mod/forum/discuss.php?d=352355

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.