Описание
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 1.8.2-1 |
| edgy | not-affected | 1.6.2-1ubuntu1.1 |
| feisty | not-affected | 1.6.3-2ubuntu1 |
| gutsy | not-affected | 1.8.2-1 |
| hardy | not-affected | 1.8.2-1 |
| intrepid | not-affected | 1.8.2-1 |
| jaunty | not-affected | 1.8.2-1 |
| karmic | not-affected | 1.8.2-1 |
| upstream | released | 1.6.2 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earli ...
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
EPSS
7.5 High
CVSS2