Description

SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."

Remediation

References

CVE-2009-4305

Related Vulnerabilities

Moodle CVE-2024-1439 Vulnerability (CVE-2024-1439)

WordPress Plugin WP People 'wp-people-popup.php' SQL Injection (2.0)

Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2022-45143)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-0813)

WordPress Plugin Ditty WordPress-Responsive Slider, List, and Ticker Display Cross-Site Scripting (3.0.32)

Severity

Medium

Classification

CVE-2009-4305 CWE-138

Tags

Missing Update Known Vulnerabilities