Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2013-0280
HistorySep 19, 2013 - 1:33 p.m.

Updated moodle package fixes multiple security vulnerabilities

2013-09-1913:33:27
Gentoo Foundation
advisories.mageia.org
27

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

53.9%

JSON

Updated moodle package fixes security vulnerabilities: Null characters were allowed in query strings in Moodle before 2.4.6, which caused sql statements to terminate and fail, potentially allowing sql injection in Moodle’s SQL Server driver (CVE-2013-4313). Links to external blogs were not being adequately cleaned in Moodle before 2.4.6, potentially allowing for XSS attacks (CVE-2013-4341).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchmoodle< 2.4.6-1moodle-2.4.6-1.mga3

Related

openvas 1
nessus 1
exploitdb 1
veracode 2
cve 2
nvd 2
ubuntucve 2
cvelist 2
prion 2
zdt 1
packetstorm 1
metasploit 1
rapid7blog 1
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0280)
2022-01-28 00:00:00
nessus
nessus
Moodle 2.3.x < 2.3.9 / 2.4.x < 2.4.6 / 2.5.x < 2.5.2 Multiple Vulnerabilities
2016-07-21 00:00:00
exploitdb
exploitdb
Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities
2013-09-09 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-07-03 19:21:39
SQL Injection
2017-07-21 08:32:00
cve
cve
CVE-2013-4341
2013-09-16 13:02:48
CVE-2013-4313
2013-09-16 13:02:48
nvd
nvd
CVE-2013-4341
2013-09-16 13:02:48
CVE-2013-4313
2013-09-16 13:02:48
ubuntucve
ubuntucve
CVE-2013-4313
2013-09-16 00:00:00
CVE-2013-4341
2013-09-16 00:00:00
cvelist
cvelist
CVE-2013-4341
2013-09-16 10:00:00
CVE-2013-4313
2013-09-16 10:00:00
prion
prion
Cross site scripting
2013-09-16 13:02:00
Sql injection
2013-09-16 13:02:00
zdt
zdt
Moodle Authenticated Spelling Binary Remote Code Execution Exploit
2021-10-13 00:00:00
packetstorm
packetstorm
Moodle Authenticated Spelling Binary Remote Code Execution
2021-10-12 00:00:00
metasploit
metasploit
Moodle Authenticated Spelling Binary RCE
2021-08-29 14:50:25
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-10-15 18:49:08

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

53.9%

JSON
Related for MGASA-2013-0280
openvas1nessus1exploitdb1veracode2cve2nvd2ubuntucve2cvelist2prion2zdt1packetstorm1metasploit1rapid7blog1