Description

SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.

Remediation

References

CVE-2012-3395

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Stripe Security Bypass (2.0.1)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2243)

MySQL CVE-2018-3082 Vulnerability (CVE-2018-3082)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.22)

WordPress Plugin Contact Form 7 Multi-Step Addon Malicious Code (1.0.5)

Severity

Medium

Classification

CVE-2012-3395 CWE-138

Tags

Missing Update Known Vulnerabilities