CVEs-PoC/2015/CVE-2015-5338.md

### [CVE-2015-5338](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5338)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.

### POC

#### Reference
- https://moodle.org/mod/forum/discuss.php?d=323233

#### Github
No PoCs found on GitHub currently.