Lucene search

K
prionPRIOn knowledge basePRION:CVE-2016-2158
HistoryMay 22, 2016 - 8:59 p.m.

Cross site request forgery (csrf)

2016-05-2220:59:00
PRIOn knowledge base
www.prio-n.com
2

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%