Moderate severity · NVD Advisory · Published Jun 1, 2015 · Updated May 6, 2026

CVE-2015-0213

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| moodle/moodle (Packagist) | < 2.6.7 | 2.6.7 |
| moodle/moodle (Packagist) | >= 2.7.0, < 2.7.4 | 2.7.4 |
| moodle/moodle (Packagist) | >= 2.8.0, < 2.8.2 | 2.8.2 |

Affected products

  • Moodle/Moodle: 22 versions
    • cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* (range: <=2.5.9)
    • cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*

Patches

3
e83c756f84e1

MDL-48106 mod_glossary: Add missing sesskey checks

https://github.com/moodle/moodle · Andrew Nicols · Nov 20, 2014 · via ghsa
2 files changed · +5 0
  • mod/glossary/editcategories.html+1 0 modified
    @@ -33,6 +33,7 @@
     <tr>
     <td colspan="2">
         <div class="buttons">
    +    <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
         <input type="hidden" name="id" value="<?php p($cm->id) ?>" />
         <input type="hidden" name="action" value="<?php p($action) ?>" />
         <input type="hidden" name="confirm" value="1" />
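    Review bot: style point on the added line: the token is printed with `echo sesskey()` while the three fields below it use `p()`. Using the same output helper for every hidden field keeps the template uniform and spares the next reader from working out which values are safe to print raw.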
    
  • mod/glossary/editcategories.php+4 0 modified
    @@ -95,6 +95,7 @@
     
         if ( $action == "edit" ) {
             if ( $confirm ) {
    +            require_sesskey();
                 $action = "";
                 $cat = new stdClass();
                 $cat->id = $hook;
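    Review bot: `require_sesskey()` is repeated inside each action's `if ( $confirm )` (here for edit, and again in the delete and add hunks), which leaves any action added later unprotected unless its author remembers the call. Consider one check made whenever `$confirm` is set, before the `$action` branches, or a comment at the top of the dispatch stating that every confirmed action must call it.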
    @@ -118,6 +119,7 @@
     
         } elseif ( $action == "delete" ) {
             if ( $confirm ) {
    +            require_sesskey();
                 $DB->delete_records("glossary_entries_categories", array("categoryid"=>$hook));
                 $DB->delete_records("glossary_categories", array("id"=>$hook));
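    Review bot: the two `delete_records` calls in the delete branch select rows by `$hook` alone, and the added `require_sesskey()` only establishes that the request came from the user's own form. Nothing in this hunk ties `$hook` to the current glossary, so please confirm that check exists earlier in the script, or add a short comment here saying where it is done.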
     
    @@ -146,6 +148,7 @@
                             <td align="$rightalignment" style="width:50%">
                             <form id="form" method="post" action="editcategories.php">
                             <div>
    +                        <input type="hidden" name="sesskey"     value="<?php echo sesskey(); ?>" />
                             <input type="hidden" name="id"          value="<?php p($cm->id) ?>" />
                             <input type="hidden" name="action"      value="delete" />
                             <input type="hidden" name="confirm"     value="1" />
    @@ -169,6 +172,7 @@
     
     } elseif ( $action == "add" ) {
         if ( $confirm ) {
    +        require_sesskey();
             $dupcategory = $DB->get_records_sql("SELECT * FROM {glossary_categories} WHERE ".$DB->sql_like('name','?', false)." AND glossaryid=?", array($name, $glossary->id));
             if ( $dupcategory ) {
                 redirect("editcategories.php?id=$cm->id&amp;action=add&amp;name=$name", get_string("duplicatecategory", "glossary"), 2);
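    Review bot: no test accompanies the new `require_sesskey()` in the add branch or its counterparts in the edit and delete branches; the commit lists only the two glossary files as changed. A regression test that submits a confirmed action without a `sesskey` and expects it to be refused would stop the check from being dropped in a later refactor.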
    
c4250ef4f237

MDL-48106 mod_glossary: Add missing sesskey checks

https://github.com/moodle/moodle · Andrew Nicols · Nov 20, 2014 · via ghsa
2 files changed · +5 0
  • mod/glossary/editcategories.html+1 0 modified
    @@ -33,6 +33,7 @@
     <tr>
     <td colspan="2">
         <div class="buttons">
    +    <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
         <input type="hidden" name="id" value="<?php p($cm->id) ?>" />
         <input type="hidden" name="action" value="<?php p($action) ?>" />
         <input type="hidden" name="confirm" value="1" />
    
  • mod/glossary/editcategories.php+4 0 modified
    @@ -95,6 +95,7 @@
     
         if ( $action == "edit" ) {
             if ( $confirm ) {
    +            require_sesskey();
                 $action = "";
                 $cat = new stdClass();
                 $cat->id = $hook;
    @@ -128,6 +129,7 @@
     
         } elseif ( $action == "delete" ) {
             if ( $confirm ) {
    +            require_sesskey();
                 $DB->delete_records("glossary_entries_categories", array("categoryid"=>$hook));
                 $DB->delete_records("glossary_categories", array("id"=>$hook));
     
    @@ -165,6 +167,7 @@
                             <td align="$rightalignment" style="width:50%">
                             <form id="form" method="post" action="editcategories.php">
                             <div>
    +                        <input type="hidden" name="sesskey"     value="<?php echo sesskey(); ?>" />
                             <input type="hidden" name="id"          value="<?php p($cm->id) ?>" />
                             <input type="hidden" name="action"      value="delete" />
                             <input type="hidden" name="confirm"     value="1" />
    @@ -188,6 +191,7 @@
     
     } elseif ( $action == "add" ) {
         if ( $confirm ) {
    +        require_sesskey();
             $dupcategory = $DB->get_records_sql("SELECT * FROM {glossary_categories} WHERE ".$DB->sql_like('name','?', false)." AND glossaryid=?", array($name, $glossary->id));
             if ( $dupcategory ) {
                 redirect("editcategories.php?id=$cm->id&amp;action=add&amp;name=$name", get_string("duplicatecategory", "glossary"), 2);
    
5770e5147838

MDL-48106 mod_glossary: Add missing sesskey checks

https://github.com/moodle/moodle · Andrew Nicols · Nov 20, 2014 · via ghsa
2 files changed · +5 0
  • mod/glossary/editcategories.html+1 0 modified
    @@ -33,6 +33,7 @@
     <tr>
     <td colspan="2">
         <div class="buttons">
    +    <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
         <input type="hidden" name="id" value="<?php p($cm->id) ?>" />
         <input type="hidden" name="action" value="<?php p($action) ?>" />
         <input type="hidden" name="confirm" value="1" />
    
  • mod/glossary/editcategories.php+4 0 modified
    @@ -95,6 +95,7 @@
     
         if ( $action == "edit" ) {
             if ( $confirm ) {
    +            require_sesskey();
                 $action = "";
                 $cat = new stdClass();
                 $cat->id = $hook;
    @@ -128,6 +129,7 @@
     
         } elseif ( $action == "delete" ) {
             if ( $confirm ) {
    +            require_sesskey();
                 $DB->delete_records("glossary_entries_categories", array("categoryid"=>$hook));
                 $DB->delete_records("glossary_categories", array("id"=>$hook));
     
    @@ -165,6 +167,7 @@
                             <td align="$rightalignment" style="width:50%">
                             <form id="form" method="post" action="editcategories.php">
                             <div>
    +                        <input type="hidden" name="sesskey"     value="<?php echo sesskey(); ?>" />
                             <input type="hidden" name="id"          value="<?php p($cm->id) ?>" />
                             <input type="hidden" name="action"      value="delete" />
                             <input type="hidden" name="confirm"     value="1" />
    @@ -188,6 +191,7 @@
     
     } elseif ( $action == "add" ) {
         if ( $confirm ) {
    +        require_sesskey();
             $dupcategory = $DB->get_records_sql("SELECT * FROM {glossary_categories} WHERE ".$DB->sql_like('name','?', false)." AND glossaryid=?", array($name, $glossary->id));
             if ( $dupcategory ) {
                 redirect("editcategories.php?id=$cm->id&amp;action=add&amp;name=$name", get_string("duplicatecategory", "glossary"), 2);
    

Vulnerability mechanics

Root cause

"The application lacked CSRF protection (missing session key validation) for sensitive actions in the Glossary module."

Attack vector

The vulnerability allows remote attackers to perform unauthorized actions by tricking an authenticated user into visiting a malicious website. Because the application fails to verify the authenticity of requests, an attacker can force the victim's browser to submit requests to `editcategories.php` or `editcategories.html` [CWE-352]. This can result in the unintended modification or deletion of glossary categories within the Moodle Glossary module.

What the fix does

The patch introduces mandatory session key validation using `require_sesskey()` within the `editcategories.php` script for add, edit, and delete actions [patch_id=20387]. Additionally, it adds a hidden `sesskey` input field to the forms in both `editcategories.php` and `editcategories.html`. These changes ensure that every state-changing request is accompanied by a valid, unique session token, effectively preventing unauthorized cross-site requests.
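
The session-token check described above, as an added PHP sketch (not Moodle's code and not part of the patch). `demo_sesskey()`, `demo_require_sesskey()` and `handle_category_request()` are hypothetical stand-ins for the pattern, and the session and category data are constructed.

```php
<?php
// Added illustration: NOT Moodle's implementation. All names are hypothetical.

// Return the per-session token, creating it on first use (the role sesskey() plays).
function demo_sesskey(array &$session): string {
    if (empty($session['sesskey'])) {
        $session['sesskey'] = bin2hex(random_bytes(16));
    }
    return $session['sesskey'];
}

// Reject the request unless it carries the session's token (the role of require_sesskey()).
function demo_require_sesskey(array &$session, array $request): void {
    $sent = $request['sesskey'] ?? '';
    if (!is_string($sent) || !hash_equals(demo_sesskey($session), $sent)) {
        throw new RuntimeException('invalid sesskey');
    }
}

// One check before the dispatch covers add and delete alike.
function handle_category_request(array &$session, array $request, array &$categories): string {
    $action = $request['action'] ?? '';
    if (empty($request['confirm'])) {
        return 'show form';   // rendering the form changes nothing
    }
    demo_require_sesskey($session, $request);
    switch ($action) {
        case 'add':    $categories[] = (string)($request['name'] ?? ''); return 'added';
        case 'delete': unset($categories[(int)($request['hook'] ?? -1)]); return 'deleted';
        default:       return 'ignored';
    }
}

// Constructed sample data.
$session = [];
$categories = ['Networking', 'Storage'];
$token = demo_sesskey($session);
// Cross-site request: the session cookie is sent, but the other origin cannot read the token.
$forged = ['action' => 'delete', 'confirm' => 1, 'hook' => 0];
try {
    handle_category_request($session, $forged, $categories);
} catch (RuntimeException $e) {
    echo "forged request rejected: ", $e->getMessage(), "\n";
}
// The same request from the real form, which embeds the hidden sesskey field.
echo handle_category_request($session, $forged + ['sesskey' => $token], $categories), "\n";
echo count($categories), " categories left\n";
```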

Preconditions

  • auth: The victim must be authenticated to the Moodle instance.
  • network: The victim must be induced to visit a malicious site or trigger a crafted request while authenticated.

Generated by google/gemini-3.1-flash-lite-preview on May 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7
