WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1615)

Description

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.

Remediation

References

Related Vulnerabilities

WebLogic CVE-2019-2658 Vulnerability (CVE-2019-2658)

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-39114)

PHP Resource Management Errors Vulnerability (CVE-2007-4660)

MySQL CVE-2018-3082 Vulnerability (CVE-2018-3082)

Mailman Other Vulnerability (CVE-2003-0992)

Severity

High

Classification

CVE-2010-1615 CWE-138

Tags

Missing Update Known Vulnerabilities