Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6124

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6124
Last Modified 13 Feb 2009 12:00:00
Published 12 Feb 2009 08:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6124

Summary

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

Vulnerable Systems

Application

  • Moodle 1.6

  • Moodle 1.6.1

  • Moodle 1.6.2

  • Moodle 1.6.3

  • Moodle 1.6.4

  • Moodle 1.6.5

  • Moodle 1.6.6

  • Moodle 1.7

  • Moodle 1.7.1

  • Moodle 1.7.2

  • Moodle 1.7.3

  • Moodle 1.7.4

  • Moodle 1.8

  • Moodle 1.8.1

  • Moodle 1.8.2

  • Moodle 1.8.3

  • Moodle 1.8.4

  • Moodle 1.8.5

  • Moodle 1.9

  • Moodle 1.9.1


References

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=101402

DEBIAN - DSA-1691

MISC - http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2


Last Updated: 27 May 2016 10:49:04