Description

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string.

Remediation

References

CVE-2013-4313

Related Vulnerabilities

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2045)

WordPress Plugin Sexy Add Template Cross-Site Request Forgery (1.0)

osTicket Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-30082)

WordPress Plugin WP-Cron Dashboard Cross-Site Scripting (1.1.5)

Oracle Database Server CVE-2015-0371 Vulnerability (CVE-2015-0371)

Severity

High

Classification

CVE-2013-4313 CWE-138

Tags

Missing Update Known Vulnerabilities