CVE-2013-4313
The CVE-2013-4313 issue affects Moodle up to versions 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2, where the application does not neutralize null bytes ('\0') in query strings. This can enable remote attackers to perform SQL injection against Microsoft SQL Server via a ...