High severity · CVSS 8.8 · NVD Advisory · Published Apr 20, 2017 · Updated May 13, 2026
CVE-2016-3734
Description
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| moodle/moodle | Packagist | < 2.7.14 | 2.7.14 |
| moodle/moodle | Packagist | >= 2.8, < 2.8.12 | 2.8.12 |
| moodle/moodle | Packagist | >= 2.9, < 2.9.6 | 2.9.6 |
| moodle/moodle | Packagist | >= 3.0, < 3.0.4 | 3.0.4 |
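As an added check that is not part of the advisory or of Moodle's own code: a small Python helper that maps a Moodle release string (the `$release` line of the site's top-level version.php) onto the ranges in the table above and reports whether the install is inside an affected range and which release closes it. It also confirms the fix at source level by looking for the `require_sesskey()` call that the patches add to mod/forum/markposts.php. The `SAMPLE_VERSION_PHP` and `SAMPLE_MARKPOSTS_PATCHED` excerpts are constructed for the example; weekly `+` builds are treated conservatively as their base release, since the range table alone cannot tell whether such a build already carries the fix.

```python
"""Check a Moodle install against the CVE-2016-3734 version ranges above."""
import re
import sys

# (inclusive lower bound or None, exclusive upper bound, first fixed release),
# copied from the advisory's affected-versions table for moodle/moodle.
AFFECTED_RANGES = [
    (None,  "2.7.14", "2.7.14"),
    ("2.8", "2.8.12", "2.8.12"),
    ("2.9", "2.9.6",  "2.9.6"),
    ("3.0", "3.0.4",  "3.0.4"),
]

_RELEASE_RE = re.compile(r"\$release\s*=\s*'([^']*)'")

# Constructed excerpts, not copied from a real Moodle checkout.
SAMPLE_VERSION_PHP = """<?php
// constructed excerpt in the layout of Moodle's top-level version.php
$release  = '3.0.3 (Build: 20160314)';
$branch   = '30';
"""

SAMPLE_MARKPOSTS_PATCHED = """<?php
// constructed excerpt; the two calls are the ones visible in the fix diff
require_login($course, false, $cm);
require_sesskey();
"""


def parse_version(text):
    """'3.0.3', '3.0.3+' or '3.0.3 (Build: 20160314)' -> (3, 0, 3).

    A trailing '+' marks a weekly build on top of that release; it is dropped, so
    such builds are treated as the base release (conservative: they may already
    carry the fix, which markposts_has_sesskey_check() can confirm).
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised Moodle release string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def check_version(release):
    """Return (affected, first_fixed_release_or_None) for a release string.

    Tuple comparison gives the prefix semantics the table needs: (2, 8) < (2, 8, 12)
    and (3, 0) <= (3, 0, 3) < (3, 0, 4), so '2.8' and '3.0' fall inside their ranges.
    """
    v = parse_version(release)
    for lower, upper, fixed in AFFECTED_RANGES:
        above_lower = lower is None or v >= parse_version(lower)
        if above_lower and v < parse_version(upper):
            return True, fixed
    return False, None


def check_version_php(version_php_text):
    """Pull $release out of the text of version.php and check it."""
    m = _RELEASE_RE.search(version_php_text)
    if not m:
        raise ValueError("no $release assignment found in version.php")
    return check_version(m.group(1))


def markposts_has_sesskey_check(markposts_php_text):
    """Source-level confirmation: the patched mod/forum/markposts.php calls require_sesskey()."""
    pattern = r"^\s*require_sesskey\s*\(\s*\)\s*;"
    return re.search(pattern, markposts_php_text, re.M) is not None


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]  # path to the Moodle web root
        with open(f"{root}/version.php", encoding="utf-8") as fh:
            print("version range:", check_version_php(fh.read()))
        with open(f"{root}/mod/forum/markposts.php", encoding="utf-8") as fh:
            print("require_sesskey present:", markposts_has_sesskey_check(fh.read()))
    else:
        print("sample version range:", check_version_php(SAMPLE_VERSION_PHP))
        print("sample source check:", markposts_has_sesskey_check(SAMPLE_MARKPOSTS_PATCHED))
```

Run it with the Moodle web root as the only argument; with no argument it checks the constructed samples. Treat a `True` from the range check as "needs attention" and let the source check settle the `+` builds.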
Patches (5)
01408d619ba8 MDL-53755 forum: Check session when marking posts
3 files changed · +5 −4
mod/forum/index.php+2 −2 modified@@ -230,7 +230,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; } @@ -368,7 +368,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; }
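Review bot: in both hunks (around lines 230 and 368) the key is spliced into a hand-built href as `'&mark=read&sesskey=' . sesskey() . '"'`, so the `&` separators stay unescaped in the HTML, as they already were; building these links with moodle_url would escape them on output and append the sesskey in one place instead of in every caller. The two hunks are otherwise identical and consistent with the lib.php changes.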
mod/forum/lib.php+2 −2 modified@@ -3714,7 +3714,7 @@ function forum_print_discussion_header(&$post, $forum, $group = -1, $datestring echo $post->unread; echo '</a>'; echo '<a title="'.$strmarkalldread.'" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php">' . + $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">' . '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.$strmarkalldread.'" /></a>'; echo '</span>'; } else { @@ -5402,7 +5402,7 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions = -1, $ if ($forumtracked) { echo '<a title="'.get_string('markallread', 'forum'). '" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&mark=read&returnpage=view.php">'. + $forum->id.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">'. '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.get_string('markallread', 'forum').'" /></a>'; } echo '</th>';
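Review bot: forum_print_discussion_header and forum_print_latest_discussions now put `&sesskey=' . sesskey()` into a GET URL, so the key travels in the query string and lands in browser history and in any access log that records request URIs; the key is session-scoped and this is Moodle's usual pattern, but a POST form would keep it out of those places. The `&d='.$post->discussion` parameter in the first hunk is carried through unchanged, so per-discussion marking gets the same protection as the whole-forum link.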
mod/forum/markposts.php+1 −0 modified@@ -55,6 +55,7 @@ $user = $USER; require_login($course, false, $cm); +require_sesskey(); if ($returnpage == 'index.php') { $returnto = new moodle_url("/mod/forum/$returnpage", array('id' => $course->id));
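Review bot: require_sesskey() is placed directly after require_login($course, false, $cm), which is the right order since the key only exists for an established session, and it is unconditional, so any link or form still reaching markposts.php without a sesskey parameter now fails with an invalid-sesskey error instead of silently marking posts; this commit updates only the callers in index.php and lib.php, so confirm that no other call site (a theme or another module) builds this URL. The script still changes state on a GET; the check stops cross-site forgery but a prefetcher or link checker running inside the user's own session, which sees the sesskey-bearing link, could still trigger it.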
d98c24659935 MDL-53755 forum: Check session when marking posts
3 files changed · +5 −4
mod/forum/index.php+2 −2 modified@@ -230,7 +230,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; } @@ -368,7 +368,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; }
mod/forum/lib.php+2 −2 modified@@ -3843,7 +3843,7 @@ function forum_print_discussion_header(&$post, $forum, $group=-1, $datestring="" echo $post->unread; echo '</a>'; echo '<a title="'.$strmarkalldread.'" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php">' . + $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">' . '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.$strmarkalldread.'" /></a>'; echo '</span>'; } else { @@ -5530,7 +5530,7 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions = -1, $ if ($forumtracked) { echo '<a title="'.get_string('markallread', 'forum'). '" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&mark=read&returnpage=view.php">'. + $forum->id.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">'. '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.get_string('markallread', 'forum').'" /></a>'; } echo '</th>';
mod/forum/markposts.php+1 −0 modified@@ -55,6 +55,7 @@ $user = $USER; require_login($course, false, $cm); +require_sesskey(); if ($returnpage == 'index.php') { $returnto = new moodle_url("/mod/forum/$returnpage", array('id' => $course->id));
e90e0ea5700e MDL-53755 forum: Check session when marking posts
3 files changed · +5 −4
mod/forum/index.php+2 −2 modified@@ -245,7 +245,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; } @@ -383,7 +383,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; }
mod/forum/lib.php+2 −2 modified@@ -3741,7 +3741,7 @@ function forum_print_discussion_header(&$post, $forum, $group = -1, $datestring echo $post->unread; echo '</a>'; echo '<a title="'.$strmarkalldread.'" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php">' . + $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">' . '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.$strmarkalldread.'" /></a>'; echo '</span>'; } else { @@ -5433,7 +5433,7 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions = -1, $ if ($forumtracked) { echo '<a title="'.get_string('markallread', 'forum'). '" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&mark=read&returnpage=view.php">'. + $forum->id.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">'. '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.get_string('markallread', 'forum').'" /></a>'; } echo '</th>';
mod/forum/markposts.php+1 −0 modified@@ -55,6 +55,7 @@ $user = $USER; require_login($course, false, $cm); +require_sesskey(); if ($returnpage == 'index.php') { $returnto = new moodle_url("/mod/forum/$returnpage", array('id' => $course->id));
7873e36f0cc0 MDL-53755 forum: Check session when marking posts
3 files changed · +5 −4
mod/forum/index.php+2 −2 modified@@ -230,7 +230,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; } @@ -368,7 +368,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; }
mod/forum/lib.php+2 −2 modified@@ -3805,7 +3805,7 @@ function forum_print_discussion_header(&$post, $forum, $group=-1, $datestring="" echo $post->unread; echo '</a>'; echo '<a title="'.$strmarkalldread.'" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php">' . + $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">' . '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.$strmarkalldread.'" /></a>'; echo '</span>'; } else { @@ -5486,7 +5486,7 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions = -1, $ if ($forumtracked) { echo '<a title="'.get_string('markallread', 'forum'). '" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&mark=read&returnpage=view.php">'. + $forum->id.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">'. '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.get_string('markallread', 'forum').'" /></a>'; } echo '</th>';
mod/forum/markposts.php+1 −0 modified@@ -55,6 +55,7 @@ $user = $USER; require_login($course, false, $cm); +require_sesskey(); if ($returnpage == 'index.php') { $returnto = forum_go_back_to(new moodle_url("/mod/forum/$returnpage", array('id' => $course->id)));
1f5c494f761e MDL-53755 forum: Check session when marking posts
3 files changed · +5 −4
mod/forum/index.php+2 −2 modified@@ -228,7 +228,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; } @@ -366,7 +366,7 @@ } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) { $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>'; $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='. - $forum->id.'&mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; + $forum->id.'&mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>'; } else { $unreadlink = '<span class="read">0</span>'; }
mod/forum/lib.php+2 −2 modified@@ -3913,7 +3913,7 @@ function forum_print_discussion_header(&$post, $forum, $group=-1, $datestring="" echo $post->unread; echo '</a>'; echo '<a title="'.$strmarkalldread.'" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php">' . + $forum->id.'&d='.$post->discussion.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">' . '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.$strmarkalldread.'" /></a>'; echo '</span>'; } else { @@ -5824,7 +5824,7 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions=-1, $di if ($forumtracked) { echo '<a title="'.get_string('markallread', 'forum'). '" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='. - $forum->id.'&mark=read&returnpage=view.php">'. + $forum->id.'&mark=read&returnpage=view.php&sesskey=' . sesskey() . '">'. '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.get_string('markallread', 'forum').'" /></a>'; } echo '</th>';
mod/forum/markposts.php+1 −0 modified@@ -55,6 +55,7 @@ $user = $USER; require_login($course, false, $cm); +require_sesskey(); if ($returnpage == 'index.php') { $returnto = forum_go_back_to($returnpage.'?id='.$course->id);
Vulnerability mechanics
mod/forum/markposts.php marks the posts of a forum (or, when `d` is given, of a single discussion) as read for the current user and then redirects to the page named in `returnpage`. Before the fix the script only called require_login($course, false, $cm), so any request arriving with a valid Moodle session cookie was acted on regardless of where it originated. Because the action is triggered by a plain GET with everything in the query string (`f`, `d`, `mark=read`, `returnpage`), a page on any other site could embed that URL, for example as an image source, and the victim's browser would send it together with the session cookie, silently altering the victim's read-tracking state. This is classic CSRF (CWE-352) on a state-changing GET endpoint; the impact is limited to the forum read-tracking data of whoever visits the attacker's page while logged in. The fix, identical across all five branch commits, adds require_sesskey() to markposts.php immediately after require_login(), so the request must also carry the per-session `sesskey` value that a cross-site attacker cannot read, and appends `&sesskey=' . sesskey()` to the links generated in index.php and in forum_print_discussion_header and forum_print_latest_discussions in lib.php so that legitimate clicks keep working.
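To make the exchange concrete, here is an added Python model written for this page, not code from Moodle: a stand-in for markposts.php with and without the sesskey check, a victim session, the forged cross-site GET and the legitimate click through the patched link. The function names require_login, require_sesskey and sesskey mirror the ones visible in the diff, but their bodies here are simplified stand-ins; the cookie name `MoodleSession`, forum id 7 and the unread post ids are constructed for the example (Moodle's real session cookie name also carries a configurable suffix).

```python
"""Model of the markposts.php CSRF and of the sesskey check that closed it."""
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Request:
    """A browser request as the server sees it: query parameters plus cookies."""
    path: str
    params: dict
    cookies: dict


class ForumApp:
    """Minimal stand-in for the Moodle pieces involved (not Moodle's code).

    check_sesskey=False reproduces the pre-fix markposts.php (require_login only);
    check_sesskey=True reproduces the patched script (require_login + require_sesskey).
    """

    COOKIE = "MoodleSession"  # assumed name; Moodle's real cookie name carries a site suffix

    def __init__(self, check_sesskey):
        self.check_sesskey = check_sesskey
        self.sessions = {}  # session id -> {"user": ..., "sesskey": ...}
        self.unread = {}    # (user, forum id) -> set of unread post ids

    def login(self, user):
        """Create a session; the sesskey is a random per-session value, as in Moodle."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "sesskey": secrets.token_urlsafe(10)}
        return sid

    def require_login(self, req):
        """Only checks that the cookie names a live session; nothing about the origin."""
        session = self.sessions.get(req.cookies.get(self.COOKIE))
        if session is None:
            raise PermissionError("requireloginerror")
        return session

    def require_sesskey(self, req, session):
        """The fix: the sesskey query parameter must equal the key bound to this session."""
        supplied = req.params.get("sesskey", "")
        if not hmac.compare_digest(supplied.encode(), session["sesskey"].encode()):
            raise PermissionError("invalidsesskey")

    def markposts(self, req):
        """Handler for /mod/forum/markposts.php?f=<forum>&mark=read[&sesskey=...]."""
        session = self.require_login(req)
        if self.check_sesskey:
            self.require_sesskey(req, session)
        key = (session["user"], int(req.params["f"]))
        if req.params.get("mark") == "read":
            self.unread[key] = set()
        return "redirect:/mod/forum/index.php"


def run_scenario(check_sesskey, forged):
    """Log in a victim with three unread posts in forum 7, then issue one request.

    forged=True models the cross-site request: the attacker's page embeds
    <img src="https://moodle.example/mod/forum/markposts.php?f=7&mark=read">, the
    victim's browser attaches the session cookie automatically, and the attacker,
    who cannot read the victim's pages, has no sesskey to send. forged=False models
    the victim clicking the patched 'mark all read' link, which carries the sesskey.
    Returns (outcome, number of unread posts afterwards).
    """
    app = ForumApp(check_sesskey)
    sid = app.login("victim")
    app.unread[("victim", 7)] = {101, 102, 103}  # constructed sample state
    params = {"f": "7", "mark": "read"}
    if not forged:
        params["sesskey"] = app.sessions[sid]["sesskey"]  # what index.php now puts in the href
    req = Request("/mod/forum/markposts.php", params, {ForumApp.COOKIE: sid})
    try:
        app.markposts(req)
        outcome = "accepted"
    except PermissionError as exc:
        outcome = f"rejected:{exc}"
    return outcome, len(app.unread[("victim", 7)])


if __name__ == "__main__":
    print("unpatched, forged GET:", run_scenario(check_sesskey=False, forged=True))
    print("patched,   forged GET:", run_scenario(check_sesskey=True, forged=True))
    print("patched,   real click:", run_scenario(check_sesskey=True, forged=False))
```

The unpatched handler accepts the forged request and wipes the unread set; the patched one rejects it with the invalid-sesskey error while the genuine click, whose link now carries the key, still succeeds. The constant-time comparison in require_sesskey is a deliberate choice for the model; the point of the fix is that the attacker's page never learns the key at all.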
References (13)
- www.openwall.com/lists/oss-security/2016/05/17/4 (NVD: Mailing List, Third Party Advisory)
- www.securityfocus.com/bid/91281 (NVD: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1035902 (NVD: Third Party Advisory, VDB Entry)
- bugzilla.redhat.com/show_bug.cgi (NVD: Issue Tracking, Third Party Advisory)
- github.com/advisories/GHSA-r867-v437-4rrm (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2016-3734 (GHSA: Advisory)
- github.com/moodle/moodle/commit/01408d619ba89d32f9ad83308990ff9b0374cb57 (GHSA)
- github.com/moodle/moodle/commit/1f5c494f761ef7961c449075adf192e149148e1a (GHSA)
- github.com/moodle/moodle/commit/7873e36f0cc0ccfd1424ff9302eb1ea9e4e74305 (GHSA)
- github.com/moodle/moodle/commit/d98c24659935c1bdff4b35ec0a85ab1a3ab05d9f (GHSA)
- github.com/moodle/moodle/commit/e90e0ea5700ee9b016034b74ed7f41787109d1a2 (GHSA)
- web.archive.org/web/20160703032310/http://www.securitytracker.com/id/1035902 (GHSA)
- web.archive.org/web/20160930194927/http://www.securityfocus.com/bid/91281 (GHSA)
News mentions (0)
No linked articles in our index yet.