Description

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

Remediation

References

CVE-2005-3648

Related Vulnerabilities

MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26149)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.3.13.727)

MySQL CVE-2015-0511 Vulnerability (CVE-2015-0511)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4281)

MySQL CVE-2022-39402 Vulnerability (CVE-2022-39402)

Severity

High

Classification

CVE-2005-3648

Tags

Missing Update Known Vulnerabilities