Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4305)

Description

SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."

Remediation

References

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5297)

phpList CVE-2023-27576 Vulnerability (CVE-2023-27576)

WebLogic CVE-2016-0573 Vulnerability (CVE-2016-0573)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Multiple Cross-Site Scripting Vulnerabilities (4.2.4)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43812)

Severity

Medium

Classification

CVE-2009-4305 CWE-138

Tags

Missing Update Known Vulnerabilities