Lucene search

MitreCVE-2005-3648

HistoryNov 17, 2005 - 11:02 a.m.

CVE-2005-3648

2005-11-1711:02:00

mitre

web.nvd.nist.gov

moodle

sql injection

remote attackers

cve-2005-3648

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

Affected configurations

Nvd

Node

moodlemoodleMatch1.5.2

VendorProductVersionCPE
moodlemoodle1.5.2cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	1.5.2	cpe:2.3:a:moodle:moodle:1.5.2:::::::*

References

marc.info/?l=bugtraq&m=113165668814241&w=2

osvdb.org/20748

rgod.altervista.org/moodle16dev.html

secunia.com/advisories/17526/

securitytracker.com/id?1015181

www.securityfocus.com/bid/15380/

www.vupen.com/english/advisories/2005/2387

exchange.xforce.ibmcloud.com/vulnerabilities/23058

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

Related for CVE-2005-3648