Description

SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.

Remediation

References

CVE-2012-2363

Related Vulnerabilities

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.9)

WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)

WebLogic CVE-2016-3445 Vulnerability (CVE-2016-3445)

WordPress Plugin WP SVG images Cross-Site Scripting (3.3)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4627)

Severity

Medium

Classification

CVE-2012-2363 CWE-138

Tags

Missing Update Known Vulnerabilities