Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2024 Tenable Network Security, Inc.MOODLE_162.NASL
HistorySep 15, 2006 - 12:00 a.m.

Moodle < 1.6.2 Multiple Vulnerabilities

2006-09-1500:00:00
This script is Copyright (C) 2006-2024 Tenable Network Security, Inc.
www.tenable.com
16

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

The installed version of Moodle fails to sanitize user-supplied input to a number of parameters and scripts. An attacker can leverage these issues to launch SQL injection and cross-site scripting attacks against the affected application.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(22364);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/06");

  script_cve_id("CVE-2006-4784", "CVE-2006-4785", "CVE-2006-4786");
  script_bugtraq_id(19995, 20085);

  script_name(english:"Moodle < 1.6.2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that suffers from
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The installed version of Moodle fails to sanitize user-supplied input
to a number of parameters and scripts. An attacker can leverage these
issues to launch SQL injection and cross-site scripting attacks
against the affected application.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/446227/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://docs.moodle.org/35/en/Release_Notes#Moodle_1.6.2");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Moodle version 1.6.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(89);

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:moodle:moodle");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2006-2024 Tenable Network Security, Inc.");

  script_dependencies("moodle_detect.nasl");
  script_require_keys("www/PHP", "installed_sw/Moodle");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("url_func.inc");
include("install_func.inc");

app = "Moodle";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port
);

dir = install['path'];
install_url = build_url(port:port, qs:dir);

# Request a redirect.
xss = "nessus.php?";
r = http_send_recv3(method: "GET",
    item:dir + "/course/jumpto.php?jump=" + urlencode(str:xss),
    port:port, follow_redirect: 0, exit_on_fail:TRUE
);

# There's a problem if...
if (
  # we get a session cookie for Moodle and...
  "MoodleSession=" >< r[0] &&
  # we're redirected
  "location.replace('" + xss + "')" >< r[2]
)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);
  security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);

Related

cvelist 4
ubuntucve 4
nvd 5
cve 5
openvas 1
cvelist
cvelist
CVE-2006-4785
2006-09-14 10:00:00
CVE-2006-4784
2006-09-14 10:00:00
CVE-2006-4786
2006-09-14 10:00:00
ubuntucve
ubuntucve
CVE-2006-4785
2006-09-14 00:00:00
CVE-2006-4786
2006-09-14 00:00:00
CVE-2006-4784
2006-09-14 00:00:00
nvd
nvd
CVE-2006-4786
2006-09-14 10:07:00
CVE-2006-4784
2006-09-14 10:07:00
CVE-2006-4785
2006-09-14 10:07:00
cve
cve
CVE-2006-4786
2006-09-14 10:07:00
CVE-2006-4784
2006-09-14 10:07:00
CVE-2006-4785
2006-09-14 10:07:00
openvas
openvas
Moodle < 1.6.2 SQLi Vulnerability
2023-10-26 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON
Related for MOODLE_162.NASL
cvelist4ubuntucve4nvd5cve5openvas1