Test ID:	1.3.6.1.4.1.25623.1.0.800766
Category:	Web application abuses
Title:	Moodle Multiple Vulnerabilities
Summary:	Moodle is prone to multiple vulnerabilities.
Description:	Summary: Moodle is prone to multiple vulnerabilities. Vulnerability Insight: - Input data passed to add_to_log()function in wiki module in 'mod/wiki/view.php' and 'lib/form/selectgroups.php' is not properly sanitised before being used in SQL query - Error in 'user/view.php', which fails to check role - Error in 'phpCAS client library', allows remote attackers to inject arbitrary web script or HTML via a crafted URL - Error in 'fix_non_standard_entities' function in the 'KSES HTML text cleaning library', allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML via a crafted URL. Affected Software/OS: Moodle version 1.8.x prior to 1.8.12, 1.9.x prior to 1.9.8. Solution: Update to version 1.8.12, 1.9.8 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1614 SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.vupen.com/english/advisories/2010/1107 Common Vulnerability Exposure (CVE) ID: CVE-2010-1615 Common Vulnerability Exposure (CVE) ID: CVE-2010-1617 Common Vulnerability Exposure (CVE) ID: CVE-2010-1618 Common Vulnerability Exposure (CVE) ID: CVE-2010-1619
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.