Description

SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.

Remediation

References

CVE-2012-2363

Related Vulnerabilities

MySQL CVE-2017-3651 Vulnerability (CVE-2017-3651)

Oracle Database Server CVE-2007-3854 Vulnerability (CVE-2007-3854)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15730)

WordPress Plugin Comment Rating Cross-Site Request Forgery (2.9.20)

WordPress Plugin GNUCommerce Cross-Site Scripting (1.4.1)

Severity

Medium

Classification

CVE-2012-2363 CWE-138

Tags

Missing Update Known Vulnerabilities