CVE-2006-5219

SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter.

Score5.1
Access VectorNETWORK
Access ComplexityHIGH
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-10 12:06:00.000-04
Last Modified2018-10-17 05:41:41.000-04

Vulnerable Software List

VendorProductVersions
Moodle Moodle 1.6.2

References

SourceLink
MISChttp://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3
FULLDISC20061008 SQL injection - moodle
SREASON1699
BUGTRAQ20061009 Re: [Full-disclosure] SQL injection - moodle
BUGTRAQ20061008 SQL injection - moodle
BID20395
VUPENADV-2006-3957
XFmoodle-index-sql-injection(29377)