Description

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

Remediation

References

CVE-2005-3648

Related Vulnerabilities

WordPress Plugin Stockdio Historical Chart Cross-Site Scripting (2.7.2)

WordPress Plugin IMPress for IDX Broker Multiple Vulnerabilities (2.6.1)

Drupal Other Vulnerability (CVE-2006-4002)

WordPress Plugin Super Forms-Drag & Drop Form Builder Arbitrary File Upload (4.9.700)

WordPress Plugin Affiliate Power-Sales Tracking for Affiliate Marketers Cross-Site Scripting (2.2.0)

Severity

High

Classification

CVE-2005-3648

Tags

Missing Update Known Vulnerabilities