Description

SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."

Remediation

References

CVE-2009-4305

Related Vulnerabilities

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42112)

WordPress Plugin IzeeChat-Live Chat Cross-Site Scripting (1.0)

Apache HTTP Server Session Fixation Vulnerability (CVE-2001-1534)

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3785)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2021-4104)

Severity

Medium

Classification

CVE-2009-4305 CWE-138

Tags

Missing Update Known Vulnerabilities