Description
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string.
Remediation
References
Related Vulnerabilities
IBMHttpServer Other Vulnerability (CVE-2001-0122)
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.11)
WordPress Plugin Product Catalog Arbitrary File Upload (3.1.1)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1924)
Apache HTTP Server Session Fixation Vulnerability (CVE-2001-1534)