CVE-2006-4785
Published: Sep 14, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter, which is stored in the $blogEntry variable. The insert_record function does not properly handle this value: it calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- moodle-edit-sql-injection(29001) (vdb-entry, x_refsource_XF)
- 19995 (vdb-entry, x_refsource_BID)
- 21899 (third-party-advisory, x_refsource_SECUNIA)
- 20060619 Re: Moodle issue - invalid vendor ack? and extra vulns (mailing-list, x_refsource_VIM)
- 20060919 Moodle issue - invalid vendor ack? and extra vulns (mailing-list, x_refsource_VIM)
- 20085 (vdb-entry, x_refsource_BID)
- moodle-unspecified-sql-injection(28904) (vdb-entry, x_refsource_XF)
- 20060917 Sql injection in Moodle (mailing-list, x_refsource_BUGTRAQ)
- 1016877 (vdb-entry, x_refsource_SECTRACK)
- http://docs.moodle.org/en/Release_notes#Moodle_1.6.2 (x_refsource_CONFIRM)
- ADV-2006-3591 (vdb-entry, x_refsource_VUPEN)