Moodle / MDL-24561

Forum subscribe.php does not check sesskey()


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • 1.9.11, 2.0.2
    • 1.9.9, 2.0
    • Forum
    • None
    • MOODLE_19_STABLE, MOODLE_20_STABLE
    • MOODLE_19_STABLE, MOODLE_20_STABLE

      /mod/forum/subscribe.php does not seem to check sesskey(). Therefore, nasty users could use it for a CSRF attack and easily make other users subscribe to many other forums, for example (spam risk).

            mudrd8mz David Mudrák (@mudrd8mz)
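
As an added illustration (not Moodle's code and not the fix committed for this issue), the stand-alone PHP sketch below shows the kind of check the report says is missing: a state-changing handler that trusts the session alone, next to one that also requires a per-session key. All function names and sample values are hypothetical.

```php
<?php
// Added example: stand-alone sketch, not Moodle code. All function names
// and the sample data below are hypothetical.

// Per-session secret, created once and embedded in every legitimate link or form.
function session_key(array &$session): string {
    if (!isset($session['sesskey'])) {
        $session['sesskey'] = bin2hex(random_bytes(16));
    }
    return $session['sesskey'];
}

// Unchecked shape: the session alone authorises the state change, so a
// request the browser was tricked into sending is accepted like any other.
function subscribe_unchecked(array &$session, array $params, array &$subs): bool {
    $subs[$session['userid']][] = (int)$params['id'];
    return true;
}

// Checked shape: the request must also carry the per-session key, which a
// third-party page cannot read and therefore cannot place in a forged URL.
function subscribe_checked(array &$session, array $params, array &$subs): bool {
    $sent = $params['sesskey'] ?? '';
    if (!is_string($sent) || !hash_equals(session_key($session), $sent)) {
        return false; // reject: key missing or wrong, nothing is changed
    }
    $subs[$session['userid']][] = (int)$params['id'];
    return true;
}

// Constructed sample data: one logged-in user and two incoming requests.
$session = ['userid' => 42];
$forged  = ['id' => '7'];                                      // cross-site request, no key
$genuine = ['id' => '7', 'sesskey' => session_key($session)];  // link rendered by the site

$subs = [];
echo "unchecked, no key:  ";
var_dump(subscribe_unchecked($session, $forged, $subs));

$subs = [];
echo "checked, no key:    ";
var_dump(subscribe_checked($session, $forged, $subs));
echo "checked, valid key: ";
var_dump(subscribe_checked($session, $genuine, $subs));
echo "subscriptions recorded by the checked handler:\n";
var_dump($subs);
```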