Description

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

Remediation

References

CVE-2005-3648

Related Vulnerabilities

WordPress Plugin Events Made Easy Arbitrary File Upload (2.1.1)

WordPress Plugin s2Member Pro 'Coupon Code' Field HTML Injection (111216)

WordPress Plugin Woo Custom Checkout Field Multiple Vulnerabilities (1.3.2)

Oracle Database Server CVE-2008-1814 Vulnerability (CVE-2008-1814)

WordPress Plugin Ultimate Responsive Image Slider Unspecified Vulnerability (3.3.2)

Severity

High

Classification

CVE-2005-3648

Tags

Missing Update Known Vulnerabilities