Description

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.

Remediation

References

CVE-2010-1615

Related Vulnerabilities

WordPress Plugin Booking Multiple Vulnerabilities (2.5)

Java Unspesificed Vulnerability (CVE-2018-3150)

Nexus Repository Manager Incorrect Default Permissions Vulnerability (CVE-2019-9630)

MySQL CVE-2022-21326 Vulnerability (CVE-2022-21326)

WordPress Plugin Easy Media Download Cross-Site Scripting (1.1.4)

Severity

High

Classification

CVE-2010-1615 CWE-138

Tags

Missing Update Known Vulnerabilities