Lucene search

Ubuntu.comUB:CVE-2005-3648

HistoryNov 17, 2005 - 12:00 a.m.

CVE-2005-3648

2005-11-1700:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.6%

JSON

Multiple SQL injection vulnerabilities in the get_record function in
datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL
commands via the id parameter in (1) category.php and (2) info.php.

Notes

Author	Note
jdstrand	1.5.2 and earlier

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchmoodle< 1.8.2-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.10	noarch	moodle	< 1.8.2-1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2005-3648

nvd.nist.gov/vuln/detail/CVE-2005-3648

security-tracker.debian.org/tracker/CVE-2005-3648

www.cve.org/CVERecord?id=CVE-2005-3648

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.6%

JSON

Related for UB:CVE-2005-3648