Description

Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.

Remediation

References

CVE-2006-4936

Related Vulnerabilities

Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2023-31122)

Drupal Core 8.9.0 Remote Code Execution (8.9.0)

WordPress Plugin WPS Hide Login Multiple Security Bypass Vulnerabilities (1.5.2.2)

WordPress Plugin Tracking Code Manager Multiple Vulnerabilities (1.11.1)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1999042)

Severity

Critical

Classification

CVE-2006-4936 CWE-20

Tags

Missing Update Known Vulnerabilities