Description

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

Remediation

References

CVE-2005-3648

Related Vulnerabilities

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3387)

WordPress Plugin zM Ajax Login & Register Multiple Vulnerabilities (1.0.9)

WordPress Plugin WP CleanFix Cross-Site Request Forgery (2.4.4)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16178)

Severity

High

Classification

CVE-2005-3648

Tags

Missing Update Known Vulnerabilities