CVE-2005-3648

Name of the Vulnerable Software and Affected Versions Moodle version 1.5.2

Description The issue concerns SQL injection vulnerabilities in the get record function within datalib.php. This allows remote attackers to execute arbitrary SQL commands by manipulating the id parameter in specific API endpoints, such as category.php and info.php.

Recommendations For Moodle version 1.5.2, consider restricting access to the get record function in datalib.php until a patch is available. As a temporary workaround, avoid using the id parameter in the affected API endpoints, such as "category.php" and "info.php", to minimize the risk of exploitation.