Description

The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.

Remediation

References

CVE-2006-4935

Related Vulnerabilities

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4083)

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2339)

MySQL CVE-2019-2420 Vulnerability (CVE-2019-2420)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4574)

Severity

Critical

Classification

CVE-2006-4935 CWE-20

Tags

Missing Update Known Vulnerabilities