Description
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.
Remediation
References
Related Vulnerabilities
Oracle JRE Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0422)
WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Unspecified Vulnerability (5.7)
Jenkins Cryptographic Issues Vulnerability (CVE-2014-2061)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2271)
WordPress Plugin Realty by BestWebSoft Cross-Site Scripting (1.0.9)