| Vulnerability Name: | CVE-2008-6124 (CCN-48783) |
| Assigned: | 2008-07-16 |
| Published: | 2008-07-16 |
| Updated: | 2018-11-08 |
| Summary: | SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.
|
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low |
|
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-89
|
| Vulnerability Consequences: | Data Manipulation |
| References: | Source: MITRE
Type: CNA
CVE-2008-6124
Source: CCN
Type: moodle CVS Repository
Diff of /moodle/mod/hotpot/report.php
Source: MISC
Type: Exploit, Vendor Advisory
http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2
Source: CCN
Type: MSA-08-0010
sql injection in HotPot module
Source: CONFIRM
Type: Patch, Vendor Advisory
http://moodle.org/mod/forum/discuss.php?d=101402
Source: DEBIAN
Type: Third Party Advisory
DSA-1691
Source: DEBIAN
Type: DSA-1691
moodle -- several vulnerabilities
Source: CCN
Type: OSVDB ID: 52467
HotPot Module for Moodle report.php hotpot_delete_selected_attempts Function SQL Injection
Source: CCN
Type: BID-33878
Moodle HotPot Module 'report.php' SQL Injection Vulnerability
Source: CCN
Type: USN-791-1
Moodle vulnerabilities
Source: XF
Type: UNKNOWN
hotpot-moodle-report-sql-injection(48783)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:moodle:moodle:*:*:*:*:*:*:*:* (Version >= 1.6 and < 1.6.7)OR cpe:/a:moodle:moodle:*:*:*:*:*:*:*:* (Version >= 1.7 and < 1.7.5)OR cpe:/a:moodle:moodle:*:*:*:*:*:*:*:* (Version >= 1.8 and < 1.8.6)OR cpe:/a:moodle:moodle:*:*:*:*:*:*:*:* (Version >= 1.9 and < 1.9.2)
Configuration 2:
cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:moodle:moodle:1.6.2:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.7.1:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.8.3:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.7.4:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.7.3:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.7.2:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.6.5:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.6.4:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.6.3:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.6.1:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.6.0:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.7.0:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.6.6:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.8.4:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.8.2:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.8.5:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.9.1:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.9.0:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.8.1:*:*:*:*:*:*:*OR cpe:/a:moodle:moodle:1.8.0:*:*:*:*:*:*:*AND cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |