Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
www.openwall.com/lists/oss-security/2016/05/17/4
bugzilla.redhat.com/show_bug.cgi?id=1335933
github.com/moodle/moodle
github.com/moodle/moodle/commit/01408d619ba89d32f9ad83308990ff9b0374cb57
github.com/moodle/moodle/commit/1f5c494f761ef7961c449075adf192e149148e1a
github.com/moodle/moodle/commit/7873e36f0cc0ccfd1424ff9302eb1ea9e4e74305
github.com/moodle/moodle/commit/d98c24659935c1bdff4b35ec0a85ab1a3ab05d9f
github.com/moodle/moodle/commit/e90e0ea5700ee9b016034b74ed7f41787109d1a2
nvd.nist.gov/vuln/detail/CVE-2016-3734
web.archive.org/web/20160703032310/www.securitytracker.com/id/1035902
web.archive.org/web/20160930194927/www.securityfocus.com/bid/91281