Lucene search

MitreCVE-2004-2232

HistoryJul 17, 2005 - 4:00 a.m.

CVE-2004-2232

2005-07-1704:00:00

mitre

web.nvd.nist.gov

cve-2004-2232

sql injection

moodle

glossary module

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.

Affected configurations

Nvd

Node

moodlemoodleMatch1.1.1

moodlemoodleMatch1.2.0

moodlemoodleMatch1.2.1

moodlemoodleMatch1.3.0

moodlemoodleMatch1.3.1

moodlemoodleMatch1.3.2

moodlemoodleMatch1.3.3

moodlemoodleMatch1.3.4

moodlemoodleMatch1.4.1

VendorProductVersionCPE
moodlemoodle1.1.1cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
moodlemoodle1.2.0cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*
moodlemoodle1.2.1cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*
moodlemoodle1.3.0cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:*
moodlemoodle1.3.1cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*
moodlemoodle1.3.2cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*
moodlemoodle1.3.3cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*
moodlemoodle1.3.4cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:*
moodlemoodle1.4.1cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	1.1.1	cpe:2.3:a:moodle:moodle:1.1.1:::::::*
moodle	moodle	1.2.0	cpe:2.3:a:moodle:moodle:1.2.0:::::::*
moodle	moodle	1.2.1	cpe:2.3:a:moodle:moodle:1.2.1:::::::*
moodle	moodle	1.3.0	cpe:2.3:a:moodle:moodle:1.3.0:::::::*
moodle	moodle	1.3.1	cpe:2.3:a:moodle:moodle:1.3.1:::::::*
moodle	moodle	1.3.2	cpe:2.3:a:moodle:moodle:1.3.2:::::::*
moodle	moodle	1.3.3	cpe:2.3:a:moodle:moodle:1.3.3:::::::*
moodle	moodle	1.3.4	cpe:2.3:a:moodle:moodle:1.3.4:::::::*
moodle	moodle	1.4.1	cpe:2.3:a:moodle:moodle:1.4.1:::::::*

References

cvs.sourceforge.net/viewcvs.py/moodle/moodle/mod/glossary/sql.php?r1=1.15.2.2&amp%3Br2=1.15.2.3

secunia.com/advisories/13091

securitytracker.com/id?1012113

www.osvdb.org/11427

www.securityfocus.com/bid/11608

exchange.xforce.ibmcloud.com/vulnerabilities/17965

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

Related for CVE-2004-2232