CVE-2016-7919

Опубликовано: 28 окт. 2016

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored	end of standard support, was needs-triage
cosmic	ignored	end of life
devel	DNE
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	not-affected	disputed
esm-apps/xenial	not-affected	disputed
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
esm-infra/focal	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 35%

0.00143

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2016-7919

CVSS3: 7.5

nvd

около 9 лет назад

CVE-2016-7919

CVSS3: 7.5

debian

около 9 лет назад

Moodle 3.1.2 allows remote attackers to obtain sensitive information v ...

GHSA-683c-cq88-f22q

CVSS3: 7.5

github

больше 3 лет назад

** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields."

EPSS

Процентиль: 35%

0.00143

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2016-7919

Описание

Пакет moodle

Ссылки на источники

Связанные уязвимости