CVE-2012-3395

CVE-2012-3395

EPSS 1.6%

SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 https://exchange.xforce.ibmcloud.com/vulnerabilities/76961 http://www.securityfocus.com/bid/54481