Test ID:	1.3.6.1.4.1.25623.1.0.15639
Category:	Web application abuses
Title:	Moodle SQL injection flaws
Summary:	The remote version of Moodle is vulnerable to a SQL; injection issue in 'glossary' module due to a lack of user input sanitization.
Description:	Summary: The remote version of Moodle is vulnerable to a SQL injection issue in 'glossary' module due to a lack of user input sanitization. Affected Software/OS: Moodle prior to version 1.4.3. Solution: Upgrade to Moodle 1.4.3 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1424 BugTraq ID: 12120 http://www.securityfocus.com/bid/12120 Bugtraq: 20041227 Multiple Vulnerabilities in Moodle (Google Search) http://marc.info/?l=bugtraq&m=110425409614735&w=2 Bugtraq: 20041230 Re: Multiple Vulnerabilities in Moodle (Google Search) http://marc.info/?l=bugtraq&m=110444531816566&w=2 http://secunia.com/advisories/13694 XForce ISS Database: moodle-view-search-xss(18702) https://exchange.xforce.ibmcloud.com/vulnerabilities/18702 Common Vulnerability Exposure (CVE) ID: CVE-2004-1425 XForce ISS Database: moodle-directory-traversal(18550) https://exchange.xforce.ibmcloud.com/vulnerabilities/18550 Common Vulnerability Exposure (CVE) ID: CVE-2004-2232 BugTraq ID: 11608 http://www.securityfocus.com/bid/11608 http://www.osvdb.org/11427 http://securitytracker.com/id?1012113 http://secunia.com/advisories/13091 XForce ISS Database: moodle-glossary-sql-injection(17965) https://exchange.xforce.ibmcloud.com/vulnerabilities/17965
Copyright	Copyright (C) 2004 David Maciejak

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.