Vulnerability Details : CVE-2008-3325
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2008-3325
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Threat overview for CVE-2008-3325
Top open port discovered on systems with this issue: 5555
IPs affected by CVE-2008-3325: 121
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-3325
EPSS score: 0.29% (probability of exploitation activity in the next 30 days)
Percentile: ~69% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-3325
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
CWE ids for CVE-2008-3325
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3325
- http://moodle.org/mod/forum/discuss.php?d=101405 (Patch; Vendor Advisory)
- http://www.securityfocus.com/archive/1/494658/100/0/threaded (Third Party Advisory; VDB Entry)
- http://www.procheckup.com/Vulnerability_PR08-16.php (Broken Link)
- http://www.debian.org/security/2008/dsa-1691 : [SECURITY] [DSA 1691-1] New moodle packages fix several vulnerabilities (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43964 (VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html : [security-announce] SUSE Security Summary Report: SUSE-SR:2008:016 - openSUSE Security Announce - openSUSE Mailing Lists (Third Party Advisory)