Description
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2019-2992 Vulnerability (CVE-2019-2992)
WordPress Plugin Migration, Backup, Staging-WPvivid PHAR Deserialization (0.9.74)
MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4627)
WordPress Plugin Real-Time Find and Replace Cross-Site Scripting (3.8)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2889)