Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6538

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6538
Last Modified 15 Nov 2008 12:00:00
Published 27 Dec 2007 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6538

Summary

SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerable Systems

Application

  • Meeting Room Booking Software Mrbs 1.2.3

  • Meeting Room Booking Software Mrbs 1.2.5

  • Moodle

  • Mrbs 1.2.3

  • Mrbs 1.2.5


References

XF - moodle-viewentry-sql-injection(39190)

BID - 26977

BUGTRAQ - 20071222 Re: Re: Moodle SQL Injection

BUGTRAQ - 20071222 Re: Moodle SQL Injection

BUGTRAQ - 20071221 Moodle SQL Injection

SREASON - 3492

SECUNIA - 28198

OSVDB - 39619

CONFIRM - http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2


Last Updated: 27 May 2016 10:57:50