EUVD-2008-6094

Malware in sbrugna...

USN-791-1: Moodle vulnerabilities

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...

CVE-2008-6124

SQL injection vulnerability in the hotpotdeleteselectedattempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...

Sql injection

SQL injection vulnerability in the hotpotdeleteselectedattempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...

CVE-2008-6124

SQL injection vulnerability in the hotpotdeleteselectedattempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...

CVE-2008-6124

CVE-2008-6124 is an SQL injection vulnerability in Moodle's HotPot module, exploitable via hotpot_delete_selected_attempts in report.php. Affected Moodle versions are 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2. The vulnerability allows remote attackers to execute a...

CVE-2008-6124

SQL injection vulnerability in the hotpotdeleteselectedattempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...