Description

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string.

Remediation

References

CVE-2013-4313

Related Vulnerabilities

WordPress Plugin CBI Referral Manager Cross-Site Scripting (1.2.1)

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-14960)

WordPress Plugin Active Products Tables for WooCommerce. Best and Professional products tables for WooCommerce store Cross-Site Scripting (1.0.3.1)

WordPress Plugin WordPress Landing Pages Multiple Unspecified Vulnerabilities (1.7.8)

WordPress Plugin Import XML and RSS Feeds Remote Code Execution (2.1.4)

Severity

High

Classification

CVE-2013-4313 CWE-138

Tags

Missing Update Known Vulnerabilities