PT-2013-4952 · Moodle+1 · Moodle+1

Ryan Giobbi

Publicado

2013-09-16

Atualizado

2020-12-01

CVE-2013-4313

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Moodle versions prior to 2.2.11 Moodle versions 2.3.x before 2.3.9 Moodle versions 2.4.x before 2.4.6 Moodle versions 2.5.x before 2.5.2

Description The issue allows remote attackers to potentially conduct SQL injection attacks against Microsoft SQL Server by using crafted strings containing '0' characters in query strings.

Recommendations For versions prior to 2.2.11, update to version 2.2.11 or later. For versions 2.3.x before 2.3.9, update to version 2.3.9 or later. For versions 2.4.x before 2.4.6, update to version 2.4.6 or later. For versions 2.5.x before 2.5.2, update to version 2.5.2 or later.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2013-4313

MGASA-2013-0280

Produtos afetados

Sql Server

Moodle

PT-2013-4952 · Moodle+1 · Moodle+1

CVE-2013-4313

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13