Description

SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.

Remediation

References

CVE-2012-3395

Related Vulnerabilities

Ruby on Rails Improper Input Validation Vulnerability (CVE-2008-7248)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3481)

WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3)

WordPress Plugin Zeno Font Resizer Cross-Site Scripting (1.7.9)

WordPress Plugin Cool Video Gallery Command Injection (1.9)

Severity

Medium

Classification

CVE-2012-3395 CWE-138

Tags

Missing Update Known Vulnerabilities