Description

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string.

Remediation

References

CVE-2013-4313

Related Vulnerabilities

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-14064)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3514)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.3.13.727)

MySQL CVE-2014-2431 Vulnerability (CVE-2014-2431)

Frontaccounting Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-21244)

Severity

High

Classification

CVE-2013-4313 CWE-138

Tags

Missing Update Known Vulnerabilities