[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-4305

Date: (C)2009-12-15   (M)2017-11-18 


SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."

CVSS Score: 6.5Access Vector: NETWORK
Exploit Score: 8.0Access Complexity: LOW
Impact Score: 6.4Authentication: SINGLE_INSTANCE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-37244
SECUNIA-37614
ADV-2009-3455
FEDORA-2009-13040
FEDORA-2009-13065
FEDORA-2009-13080
http://docs.moodle.org/en/Moodle_1.8.11_release_notes
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://moodle.org/mod/forum/discuss.php?d=139120

CPE    17
cpe:/a:moodle:moodle:1.8.10
cpe:/a:moodle:moodle:1.8.9
cpe:/a:moodle:moodle:1.8.2
cpe:/a:moodle:moodle:1.8.1
...
CWE    1
CWE-89
OVAL    2
oval:org.secpod.oval:def:600146
oval:org.mitre.oval:def:6671

© 2013 SecPod Technologies