Vulnerability Name: | CVE-2009-4305 (CCN-54710)
Assigned: | 2009-12-02
Published: | 2009-12-02
Updated: | 2020-12-01
Summary: | SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:UR)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:UR)
Vulnerability Type: | CWE-89
Vulnerability Consequences: | Data Manipulation
References: |
Source: CCN Type: Debian Bug report logs - #559531 moodle: Security fixes released
Source: MITRE Type: CNA CVE-2009-4305
Source: CONFIRM Type: Patch http://docs.moodle.org/en/Moodle_1.8.11_release_notes
Source: CONFIRM Type: Patch http://docs.moodle.org/en/Moodle_1.9.7_release_notes
Source: CCN Type: MSA-09-0031 SQL injection in SCORM module
Source: CONFIRM Type: Patch, Vendor Advisory http://moodle.org/mod/forum/discuss.php?d=139120
Source: CCN Type: SA37614 Moodle Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 37614
Source: CCN Type: SA38458 Debian Moodle Multiple Vulnerabilities
Source: DEBIAN Type: DSA-1986-1 moodle -- several vulnerabilities
Source: DEBIAN Type: DSA-1986 moodle -- several vulnerabilities
Source: CCN Type: OSVDB ID: 60818 Moodle SCORM Module Unspecified SQL Injection
Source: BID Type: Patch 37244
Source: CCN Type: BID-37244 Moodle Multiple Vulnerabilities
Source: VUPEN Type: Patch, Vendor Advisory ADV-2009-3455
Source: XF Type: UNKNOWN moodle-scorm-sql-injection(54710)
Source: FEDORA Type: UNKNOWN FEDORA-2009-13040
Source: FEDORA Type: UNKNOWN FEDORA-2009-13065
Source: FEDORA Type: UNKNOWN FEDORA-2009-13080
Source: SUSE Type: SUSE-SR:2010:004 SUSE Security Summary Report
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: