Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
github.com/moodle/moodle
github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea
github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94
github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443
github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686
moodle.org/mod/forum/discuss.php?d=323230
nvd.nist.gov/vuln/detail/CVE-2015-5335