Lucene search

MitreCVE-2006-4785

HistorySep 14, 2006 - 10:07 a.m.

CVE-2006-4785

2006-09-1410:07:00

CWE-89

mitre

web.nvd.nist.gov

cve-2006-4785

sql injection

moodle 1.6.1

remote attackers

arbitrary commands

adodb column sql

data type conversion

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.007

Percentile

79.9%

JSON

SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.

Affected configurations

Nvd

Node

moodlemoodleRange≤1.6.1

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::

References

docs.moodle.org/en/Release_notes#Moodle_1.6.2

secunia.com/advisories/21899

securitytracker.com/id?1016877

www.attrition.org/pipermail/vim/2006-September/001038.html

www.attrition.org/pipermail/vim/2006-September/001040.html

www.securityfocus.com/archive/1/446227/100/0/threaded

www.securityfocus.com/bid/19995

www.securityfocus.com/bid/20085

www.vupen.com/english/advisories/2006/3591

exchange.xforce.ibmcloud.com/vulnerabilities/28904

exchange.xforce.ibmcloud.com/vulnerabilities/29001

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.007

Percentile

79.9%

JSON

Related for CVE-2006-4785